CVE-2022-4098

Summary

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.

Affected Software

VendorProductVersion RangeStatus
Wiesemann & TheisCom-Server ++0 < 1.55affected
Wiesemann & TheisCom-Server 20mA0 < 1.55affected
Wiesemann & TheisCom-Server Highspeed 100BaseFX0 < 1.78affected
Wiesemann & TheisCom-Server Highspeed 100BaseLX0 < 1.78affected
Wiesemann & TheisCom-Server Highspeed 19" 1Port0 < 1.78affected
Wiesemann & TheisCom-Server Highspeed 19" 4Port0 < 1.78affected
Wiesemann & TheisCom-Server Highspeed Compact0 < 1.78affected
Wiesemann & TheisCom-Server Highspeed Industry0 < 1.78affected
Wiesemann & TheisCom-Server Highspeed Isolated0 < 1.78affected
Wiesemann & TheisCom-Server Highspeed OEM0 < 1.78affected
Wiesemann & TheisCom-Server Highspeed Office 1 Port0 < 1.78affected
Wiesemann & TheisCom-Server Highspeed Office 4 Port0 < 1.78affected
Wiesemann & TheisCom-Server Highspeed PoE0 < 1.78affected
Wiesemann & TheisCom-Server LC0 < 1.55affected
Wiesemann & TheisCom-Server PoE 3 x Isolated0 < 1.55affected
Wiesemann & TheisCom-Server UL0 < 1.55affected

Weaknesses

  • CWE-290: CWE-290 Authentication Bypass by Spoofing

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References