CVE-2022-3843 - OpenCVE

In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Wago	852-111\/000-001 852-111\/000-001 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:wago:852-111\/000-001:-:*:*:*:*:*:*:*

cpe:2.3:o:wago:852-111\/000-001_firmware:01:*:*:*:*:*:*:*

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2022-055/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-02-16T14:58:44.343Z

Updated: 2023-02-16T14:58:44.343Z

Reserved: 2022-11-02T17:42:15.118Z

Link: CVE-2022-3843

JSON object: View

NVD Information

Status : Modified

Published: 2023-02-16T15:15:17.507

Modified: 2023-11-07T03:51:52.167

Link: CVE-2022-3843

JSON object: View

Redhat Information

No data.

CWE

CWE-912

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-3843", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2022-11-02T17:42:15.118Z", "datePublished": "2023-02-16T14:58:44.343Z", "dateUpdated": "2023-02-16T14:58:44.343Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Unmanaged Switch 852-111/000-001", "vendor": "WAGO", "versions": [{"status": "affected", "version": "01"}]}], "datePublic": "2023-02-16T13:45:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.<br>"}], "value": "In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.\n"}], "impacts": [{"capecId": "CAPEC-629", "descriptions": [{"lang": "en", "value": "CAPEC-629 Unauthorized Use of Device Resources"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-912", "description": "CWE-912 Hidden functionality", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-02-16T14:58:44.343Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-055/"}], "source": {"advisory": "VDE-2022-055", "defect": ["CERT@VDE#64279"], "discovery": "UNKNOWN"}, "title": "WAGO: Exposure of configuration interface in unmanaged switches", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}