cbcvebase.
CVE-2022-2302
published 2022-07-11

CVE-2022-2302: Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote…

PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.59%
72.6th percentile
Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password.

Affected

6 ranges
VendorProductVersion rangeFixed in
lenzec520_firmware>= 1.07.00.2757 < 01.08.01.302101.08.01.3021
lenzec550_firmware>= 1.07.00.2757 < 01.08.01.302101.08.01.3021
lenzec750_firmware>= 1.07.00.2757 < 01.08.01.302101.08.01.3021
lenzecabinet_c520>= V01.07.00.2757 < V01.08.01.3021V01.08.01.3021
lenzecabinet_c550>= V01.07.00.2757 < V01.08.01.3021V01.08.01.3021
lenzecabinet_c750>= V01.07.00.2757 < V01.08.01.3021V01.08.01.3021

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.