CVE-2022-45139

CWE-3463 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 61.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago Compact Controller Cc100 (751-9301)Wago Edge Controller (752-8303/8000-002)Wago Pfc100 (750-81xx/xxx-xxx)+11 more

Timeline

PublishedFeb 27

Description

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages14 packages

▶NVDwago/pfc100_firmware16 — 22+2

▶NVDwago/pfc200_firmware16 — 22+2

▶NVDwago/751-9301_firmware16 — 22+2

▶CVEListV5wago/pfc100_(750-81xx/xxx-xxx)FW16 — FW22+1

▶CVEListV5wago/pfc200_(750-82xx/xxx-xxx)FW16 — FW22+1

🔴Vulnerability Details

CVEList

WAGO: Origin validation error through CORS misconfiguration↗2023-02-27

▶

GHSA

GHSA-p586-5mqw-6f9x: A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver↗2023-02-27

▶