Vulnerability Details CVE-2022-3738
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.1%
CVSS Severity
CVSS v3 Score 5.9
References
Products affected by CVE-2022-3738
-
cpe:2.3:h:wago:cc100:-
-
cpe:2.3:h:wago:edge_controller:-
-
cpe:2.3:h:wago:pfc100:-
-
cpe:2.3:h:wago:pfc200:-
-
cpe:2.3:h:wago:touch_panel_600_advanced:-
-
cpe:2.3:h:wago:touch_panel_600_marine:-
-
cpe:2.3:h:wago:touch_panel_600_standard:-
-
cpe:2.3:o:wago:cc100_firmware:16
-
cpe:2.3:o:wago:cc100_firmware:22
-
cpe:2.3:o:wago:edge_controller_firmware:16
-
cpe:2.3:o:wago:edge_controller_firmware:18
-
cpe:2.3:o:wago:edge_controller_firmware:22
-
cpe:2.3:o:wago:pfc100_firmware:16
-
cpe:2.3:o:wago:pfc100_firmware:20
-
cpe:2.3:o:wago:pfc100_firmware:22
-
cpe:2.3:o:wago:pfc200_firmware:16
-
cpe:2.3:o:wago:pfc200_firmware:20
-
cpe:2.3:o:wago:pfc200_firmware:22
-
cpe:2.3:o:wago:touch_panel_600_advanced_firmware:16
-
cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22
-
cpe:2.3:o:wago:touch_panel_600_marine_firmware:16
-
cpe:2.3:o:wago:touch_panel_600_marine_firmware:22
-
cpe:2.3:o:wago:touch_panel_600_standard_firmware:16
-
cpe:2.3:o:wago:touch_panel_600_standard_firmware:22