CVE-2022-42785

Summary

Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request.

Affected Software

VendorProductVersion RangeStatus
Wiesemann & TheisCom-Server LC1.0 < 1.48affected
Wiesemann & TheisCom-Server PoE 3 x Isolated1.0 < 1.48affected
Wiesemann & TheisCom-Server 20mA1.0 < 1.48affected
Wiesemann & TheisCom-Server ++1.0 < 1.48affected
Wiesemann & TheisAT-Modem-Emulator1.0 < 1.48affected
Wiesemann & TheisCom-Server UL1.0 < 1.48affected
Wiesemann & TheisCom-Server Highspeed 100BaseFX1.0 < 1.76affected
Wiesemann & TheisCom-Server Highspeed 100BaseLX1.0 < 1.76affected
Wiesemann & TheisCom-Server Highspeed Office 1 Port1.0 < 1.76affected
Wiesemann & TheisCom-Server Highspeed Office 4 Port1.0 < 1.76affected
Wiesemann & TheisCom-Server Highspeed Industry1.0 < 1.76affected
Wiesemann & TheisCom-Server Highspeed OEM1.0 < 1.76affected
Wiesemann & TheisCom-Server Highspeed Compact1.0 < 1.76affected
Wiesemann & TheisCom-Server Highspeed Isolated1.0 < 1.76affected
Wiesemann & TheisCom-Server Highspeed 19" 1Port1.0 < 1.76affected
Wiesemann & TheisCom-Server Highspeed 19" 4Port1.0 < 1.76affected
Wiesemann & TheisCom-Server Highspeed PoE1.0 < 1.76affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References