CVE-2022-3843 - OpenCVE

In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wago	852-111\/000-001 852-111\/000-001 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:wago:852-111\/000-001:-:*:*:*:*:*:*:*

cpe:2.3:o:wago:852-111\/000-001_firmware:01:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2022-055/

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-02-16T14:58:44.343Z

Updated: 2024-08-03T01:20:58.761Z

Reserved: 2022-11-02T17:42:15.118Z

Link: CVE-2022-3843

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-16T15:15:17.507

Modified: 2023-11-07T03:51:52.167

Link: CVE-2022-3843

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3843", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2022-11-02T17:42:15.118Z", "datePublished": "2023-02-16T14:58:44.343Z", "dateUpdated": "2024-08-03T01:20:58.761Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Unmanaged Switch 852-111/000-001", "vendor": "WAGO", "versions": [{"status": "affected", "version": "01"}]}], "datePublic": "2023-02-16T13:45:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.<br>"}], "value": "In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.\n"}], "impacts": [{"capecId": "CAPEC-629", "descriptions": [{"lang": "en", "value": "CAPEC-629 Unauthorized Use of Device Resources"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-912", "description": "CWE-912 Hidden functionality", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-02-16T14:58:44.343Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-055/"}], "source": {"advisory": "VDE-2022-055", "defect": ["CERT@VDE#64279"], "discovery": "UNKNOWN"}, "title": "WAGO: Exposure of configuration interface in unmanaged switches", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.761Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-055/", "tags": ["x_transferred"]}]}]}}