CVE-2022-3738

WAGO: Missing authentication for config export functionality in multiple products

Severity Score: 5.9 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successful.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-10-28 CVE Reserved
  • 2023-01-19 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-306: Missing Authentication for Critical Function
CAPEC
  • CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
References (1)
URL Tag Source
https://cert.vde.com/en/advisories/VDE-2022-054 Third Party Advisory
Affected Vendors, Products, and Versions
  • Wago Pfc100 Firmware, version >= 16 <= 22 (Other: -), Status: Affected; in Wago Pfc100, Status: Safe
  • Wago Pfc200 Firmware, version >= 16 <= 22 (Other: -), Status: Affected; in Wago Pfc200, Status: Safe
  • Wago Touch Panel 600 Advanced Firmware, version >= 16 <= 22 (Other: -), Status: Affected; in Wago Touch Panel 600 Advanced, Status: Safe
  • Wago Touch Panel 600 Standard Firmware, version >= 16 <= 22 (Other: -), Status: Affected; in Wago Touch Panel 600 Standard, Status: Safe
  • Wago Touch Panel 600 Marine Firmware, version >= 16 <= 22 (Other: -), Status: Affected; in Wago Touch Panel 600 Marine, Status: Safe
  • Wago Cc100 Firmware, version >= 16 <= 22 (Other: -), Status: Affected; in Wago Cc100, Status: Safe
  • Wago Edge Controller Firmware, version >= 16 <= 22 (Other: -), Status: Affected; in Wago Edge Controller, Status: Safe