CVE-2022-50975

Summary

An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.

Affected Software

VendorProductVersion RangeStatus
InnomicVibroLine VLX1 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX1 HD 5.02.1.1866unaffected
InnomicVibroLine VLX2 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX2 HD 5.02.1.1866unaffected
InnomicVibroLine VLX4 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX4 HD 5.02.1.1866unaffected
InnomicVibroLine VLX6 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX6 HD 5.02.1.1866unaffected
InnomicVibroLine VLX8 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX8 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLX1 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX1 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLX2 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX2 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLX4 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX4 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLX6 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX6 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLX8 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX8 HD 5.02.1.1866unaffected
InnomicVibroLine VLE1 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE2 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE4 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE6 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE8 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicAvibiaLine AVLE1 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicAvibiaLine AVLE2 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicAvibiaLine AVLE4 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicAvibiaLine AVLE6 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicAvibiaLine AVLE8 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE1 HD 5.02.1.1866unaffected
InnomicVibroLine VLE2 HD 5.02.1.1866unaffected
InnomicVibroLine VLE4 HD 5.02.1.1866unaffected
InnomicVibroLine VLE6 HD 5.02.1.1866unaffected
InnomicVibroLine VLE8 HD 5.02.1.1866unaffected
InnomicVibroLine VLE1 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLE2 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLE4 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLE6 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLE8 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLX1 HD 4.01.5.1074 <= 1.5.1116unaffected
InnomicVibroLine VLX2 HD 4.01.5.1074 <= 1.5.1116unaffected
InnomicVibroLine VLX4 HD 4.01.5.1074 <= 1.5.1116unaffected
InnomicVibroLine VLX6 HD 4.01.5.1074 <= 1.5.1116unaffected
InnomicVibroLine VLX8 HD 4.01.5.1074 <= 1.5.1116unaffected

Weaknesses

  • CWE-346: CWE-346 Origin Validation Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References