CVE-2022-45139
published 2023-02-27CVE-2022-45139: A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wago | 751-9301_firmware | — | — |
| wago | 751-9301_firmware | — | — |
| wago | 751-9301_firmware | >= 16 < 22 | 22 |
| wago | 752-8303_8000-002_firmware | — | — |
| wago | 752-8303_8000-002_firmware | — | — |
| wago | 752-8303_8000-002_firmware | >= 18 < 22 | 22 |
| wago | pfc100_firmware | — | — |
| wago | pfc100_firmware | — | — |
| wago | pfc100_firmware | >= 16 < 22 | 22 |
| wago | pfc200_firmware | — | — |
| wago | pfc200_firmware | — | — |
| wago | pfc200_firmware | >= 16 < 22 | 22 |
| wago | touch_panel_600_advanced_firmware | — | — |
| wago | touch_panel_600_advanced_firmware | — | — |
| wago | touch_panel_600_advanced_firmware | >= 16 < 22 | 22 |
| wago | touch_panel_600_marine_firmware | — | — |
| wago | touch_panel_600_marine_firmware | — | — |
| wago | touch_panel_600_marine_firmware | >= 16 < 22 | 22 |
| wago | touch_panel_600_standard_firmware | — | — |
| wago | touch_panel_600_standard_firmware | — | — |
| wago | touch_panel_600_standard_firmware | >= 16 < 22 | 22 |