CVE-2022-3738 - OpenCVE

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Wago	Pfc200 Firmware Pfc200 Touch Panel 600 Advanced Touch Panel 600 Advanced Firmware Pfc100 Touch Panel 600 Standard Firmware Pfc100 Firmware Touch Panel 600 Standard Edge Controller Touch Panel 600 Marine Cc100 Touch Panel 600 Marine Firmware Edge Controller Firmware Cc100 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*

cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*

cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*

cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*

cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*

cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:wago:cc100:-:*:*:*:*:*:*:*

cpe:2.3:o:wago:cc100_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*

cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2022-054/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-01-19T11:27:51.814Z

Updated: 2023-11-07T09:43:18.629Z

Reserved: 2022-10-28T07:18:40.653Z

Link: CVE-2022-3738

JSON object: View

NVD Information

Status : Modified

Published: 2023-01-19T12:15:11.213

Modified: 2023-11-07T10:15:07.787

Link: CVE-2022-3738

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-3738", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2022-10-28T07:18:40.653Z", "datePublished": "2023-01-19T11:27:51.814Z", "dateUpdated": "2023-11-07T09:43:18.629Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Series WAGO PFC100", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW22", "status": "affected", "version": "FW16", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Series WAGO PFC200", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW22", "status": "affected", "version": "FW16", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Series WAGO Touch Panel 600 Advanced Line", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW22", "status": "affected", "version": "FW16", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Series WAGO Touch Panel 600 Marine Line", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW22", "status": "affected", "version": "FW16", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Series WAGO Touch Panel 600 Standard Line", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW22", "status": "affected", "version": "FW16", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "WAGO Compact Controller CC100", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW22", "status": "affected", "version": "FW16", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "WAGO Edge Controller", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW22", "status": "affected", "version": "FW16", "versionType": "semver"}]}], "datePublic": "2023-01-12T08:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.</span><br>"}], "value": "The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\n"}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-11-07T09:43:18.629Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-054/"}], "source": {"advisory": "VDE-2022-054", "defect": ["CERT@VDE#64273"], "discovery": "EXTERNAL"}, "title": "WAGO: Missing authentication for config export functionality in multiple products", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F636354-95A2-4B36-9666-1FA57F185432", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "15CC83F6-9816-482C-A026-7654BCC95D40", "versionEndIncluding": "22", "versionStartIncluding": "16", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*", "matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A4AEA6B-206A-4CEA-ACCE-145B139DF58B", "versionEndIncluding": "22", "versionStartIncluding": "16", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8221861-7455-41D5-B310-6AEA822B46CF", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "35EF27EB-EE11-47B6-8382-47910AA3966B", "versionEndIncluding": "22", "versionStartIncluding": "16", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6D7A44C-2D95-4F69-A7DB-435B0A6F9F03", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A470D085-96C4-4DFE-A4E2-1407D49A4D9A", "versionEndIncluding": "22", "versionStartIncluding": "16", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*", "matchCriteriaId": "83DEFFBC-934D-43BE-92AE-25F8EE8C1E0A", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79C7DB93-4282-49DB-B81E-44BBD826BFF8", "versionEndIncluding": "22", "versionStartIncluding": "16", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:wago:cc100:-:*:*:*:*:*:*:*", "matchCriteriaId": "632388B3-E59E-480E-9F0F-08A9F4E87159", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:wago:cc100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A3E10E2-A0AA-47E2-B314-51A86BEB2208", "versionEndIncluding": "22", "versionStartIncluding": "16", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DFC57C8-6AF4-4771-B0A0-744137FBFECF", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F31F6E66-78B4-4F7B-BAE6-0C38D1307A4B", "versionEndIncluding": "22", "versionStartIncluding": "16", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\n"}, {"lang": "es", "value": "La vulnerabilidad permite a un atacante remoto no autenticado descargar un archivo de copia de seguridad, si existe. Ese archivo de copia de seguridad puede contener informaci\u00f3n confidencial, como credenciales y material criptogr\u00e1fico. Un usuario v\u00e1lido debe crear una copia de seguridad despu\u00e9s del \u00faltimo reinicio para que este ataque tenga \u00e9xito."}], "id": "CVE-2022-3738", "lastModified": "2023-11-07T10:15:07.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2023-01-19T12:15:11.213", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2022-054/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "info@cert.vde.com", "type": "Primary"}]}