CVE-2022-45139

Summary

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.

Affected Software

VendorProductVersion RangeStatus
WAGOCompact Controller CC100 (751-9301)FW16 < FW22affected
WAGOCompact Controller CC100 (751-9301)FW22 Patch 1unaffected
WAGOCompact Controller CC100 (751-9301)FW23affected
WAGOEdge Controller (752-8303/8000-002)FW18 < FW22affected
WAGOEdge Controller (752-8303/8000-002)FW22 Patch 1unaffected
WAGOEdge Controller (752-8303/8000-002)FW23affected
WAGOPFC100 (750-81xx/xxx-xxx)FW16 < FW22affected
WAGOPFC100 (750-81xx/xxx-xxx)FW22 Patch 1unaffected
WAGOPFC100 (750-81xx/xxx-xxx)FW23affected
WAGOPFC200 (750-82xx/xxx-xxx)FW16 < FW22affected
WAGOPFC200 (750-82xx/xxx-xxx)FW22 Patch 1unaffected
WAGOPFC200 (750-82xx/xxx-xxx)FW23affected
WAGOTouch Panel 600 Advanced Line (762-5xxx)FW16 < FW22affected
WAGOTouch Panel 600 Advanced Line (762-5xxx)FW22 Patch 1unaffected
WAGOTouch Panel 600 Advanced Line (762-5xxx)FW23affected
WAGOTouch Panel 600 Marine Line (762-6xxx)FW16 < FW22affected
WAGOTouch Panel 600 Marine Line (762-6xxx)FW22 Patch 1unaffected
WAGOTouch Panel 600 Marine Line (762-6xxx)FW23affected
WAGOTouch Panel 600 Standard Line (762-4xxx)FW16 < FW22affected
WAGOTouch Panel 600 Standard Line (762-4xxx)FW22 Patch 1unaffected
WAGOTouch Panel 600 Standard Line (762-4xxx)FW23affected

Weaknesses

  • CWE-346: CWE-346 Origin Validation Error

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References