Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-42787

Summary
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
Published At-10 Nov, 2022 | 11:06
Updated At-01 May, 2025 | 19:01
Rejected At-
Credits

Wiesemann & Theis: Small number space for allocating session id in Com-Server family

Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERTVDE
Assigner Org ID:270ccfa6-a436-4e77-922e-914ec3a9685c
Published At:10 Nov, 2022 | 11:06
Updated At:01 May, 2025 | 19:01
Rejected At:
▼CVE Numbering Authority (CNA)
Wiesemann & Theis: Small number space for allocating session id in Com-Server family

Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.

Affected Products
Vendor
Wiesemann & Theis
Product
Com-Server LC
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.48 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server PoE 3 x Isolated
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.48 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server 20mA
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.48 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server ++
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.48 (semver)
Vendor
Wiesemann & Theis
Product
AT-Modem-Emulator
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.48 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server UL
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.48 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server Highspeed 100BaseFX
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.76 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server Highspeed 100BaseLX
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.76 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server Highspeed Office 1 Port
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.76 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server Highspeed Office 4 Port
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.76 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server Highspeed Industry
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.76 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server Highspeed OEM
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.76 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server Highspeed Compact
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.76 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server Highspeed Isolated
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.76 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server Highspeed 19" 1Port
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.76 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server Highspeed 19" 4Port
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.76 (semver)
Vendor
Wiesemann & Theis
Product
Com-Server Highspeed PoE
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.76 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-330CWE-330 Use of Insufficiently Random Values
Type: CWE
CWE ID: CWE-330
Description: CWE-330 Use of Insufficiently Random Values
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-112CAPEC-112 Brute Force
CAPEC ID: CAPEC-112
Description: CAPEC-112 Brute Force
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/de/advisories/VDE-2022-043
N/A
Hyperlink: https://cert.vde.com/de/advisories/VDE-2022-043
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/de/advisories/VDE-2022-043
x_transferred
Hyperlink: https://cert.vde.com/de/advisories/VDE-2022-043
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:info@cert.vde.com
Published At:10 Nov, 2022 | 12:15
Updated At:02 Dec, 2022 | 22:48

Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
wut
wut
>>at-modem-emulator>>-
cpe:2.3:h:wut:at-modem-emulator:-:*:*:*:*:*:*:*
wut
wut
>>at-modem-emulator_firmware>>Versions before 1.48(exclusive)
cpe:2.3:o:wut:at-modem-emulator_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_\+\+>>-
cpe:2.3:h:wut:com-server_\+\+:-:*:*:*:*:*:*:*
wut
wut
>>com-server_\+\+_firmware>>Versions before 1.48(exclusive)
cpe:2.3:o:wut:com-server_\+\+_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_20ma>>-
cpe:2.3:h:wut:com-server_20ma:-:*:*:*:*:*:*:*
wut
wut
>>com-server_20ma_firmware>>Versions before 1.48(exclusive)
cpe:2.3:o:wut:com-server_20ma_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_100basefx>>-
cpe:2.3:h:wut:com-server_highspeed_100basefx:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_100basefx_firmware>>Versions before 1.76(exclusive)
cpe:2.3:o:wut:com-server_highspeed_100basefx_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_100baselx>>-
cpe:2.3:h:wut:com-server_highspeed_100baselx:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_100baselx_firmware>>Versions before 1.76(exclusive)
cpe:2.3:o:wut:com-server_highspeed_100baselx_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_19\"_1port>>-
cpe:2.3:h:wut:com-server_highspeed_19\"_1port:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_19\"_1port_firmware>>Versions before 1.76(exclusive)
cpe:2.3:o:wut:com-server_highspeed_19\"_1port_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_19\"_4port>>-
cpe:2.3:h:wut:com-server_highspeed_19\"_4port:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_19\"_4port_firmware>>Versions before 1.76(exclusive)
cpe:2.3:o:wut:com-server_highspeed_19\"_4port_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_compact>>-
cpe:2.3:h:wut:com-server_highspeed_compact:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_compact_firmware>>Versions before 1.76(exclusive)
cpe:2.3:o:wut:com-server_highspeed_compact_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_industry_firmware>>Versions before 1.76(exclusive)
cpe:2.3:o:wut:com-server_highspeed_industry_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_industry>>-
cpe:2.3:h:wut:com-server_highspeed_industry:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_isolated_firmware>>Versions before 1.76(exclusive)
cpe:2.3:o:wut:com-server_highspeed_isolated_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_isolated>>-
cpe:2.3:h:wut:com-server_highspeed_isolated:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_oem_firmware>>Versions before 1.76(exclusive)
cpe:2.3:o:wut:com-server_highspeed_oem_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_oem>>-
cpe:2.3:h:wut:com-server_highspeed_oem:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_office_1port_firmware>>Versions before 1.76(exclusive)
cpe:2.3:o:wut:com-server_highspeed_office_1port_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_office_1port>>-
cpe:2.3:h:wut:com-server_highspeed_office_1port:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_office_4port_firmware>>Versions before 1.76(exclusive)
cpe:2.3:o:wut:com-server_highspeed_office_4port_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_office_4port>>-
cpe:2.3:h:wut:com-server_highspeed_office_4port:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_poe_firmware>>Versions before 1.76(exclusive)
cpe:2.3:o:wut:com-server_highspeed_poe_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_poe>>-
cpe:2.3:h:wut:com-server_highspeed_poe:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_lc_firmware>>Versions before 1.48(exclusive)
cpe:2.3:o:wut:com-server_highspeed_lc_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_lc>>-
cpe:2.3:h:wut:com-server_highspeed_lc:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_ul_firmware>>Versions before 1.48(exclusive)
cpe:2.3:o:wut:com-server_highspeed_ul_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_ul>>-
cpe:2.3:h:wut:com-server_highspeed_ul:-:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_poe_3x_isolated_firmware>>Versions before 1.48(exclusive)
cpe:2.3:o:wut:com-server_highspeed_poe_3x_isolated_firmware:*:*:*:*:*:*:*:*
wut
wut
>>com-server_highspeed_poe_3x_isolated>>-
cpe:2.3:h:wut:com-server_highspeed_poe_3x_isolated:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-330Primaryinfo@cert.vde.com
CWE-330Secondarynvd@nist.gov
CWE ID: CWE-330
Type: Primary
Source: info@cert.vde.com
CWE ID: CWE-330
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert.vde.com/de/advisories/VDE-2022-043info@cert.vde.com
Vendor Advisory
Hyperlink: https://cert.vde.com/de/advisories/VDE-2022-043
Source: info@cert.vde.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2022-26647
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-1.48% / 80.21%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-21 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_xf201-3p_irtscalance_x208_pro_firmwarescalance_x201-3p_irtscalance_x212-2ldscalance_x204-2ldscalance_xf208scalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_xf204irtscalance_xf204-2ba_irt_firmwarescalance_x206-1scalance_x204-2ld_ts_firmwarescalance_x204irtscalance_x201-3p_irt_proscalance_x204-2fmscalance_x204-2ld_tsscalance_x208scalance_x200-4p_irtscalance_x204irt_pro_firmwarescalance_x202-2irtscalance_x202-2p_irtscalance_x204-2scalance_x224scalance_x206-1_firmwarescalance_x204-2_firmwarescalance_xf204-2scalance_xf206-1scalance_x202-2p_irt_firmwarescalance_x206-1ld_firmwarescalance_x212-2ld_firmwarescalance_x212-2scalance_xf204_firmwarescalance_x204-2ts_firmwarescalance_xf204-2ba_irtscalance_x216_firmwarescalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_xf202-2p_irt_firmwarescalance_xf208_firmwarescalance_x208_firmwarescalance_x208_proscalance_x202-2p_irt_proscalance_xf204-2_firmwarescalance_x202-2irt_firmwarescalance_xf202-2p_irtscalance_x200-4p_irt_firmwarescalance_x204irt_proscalance_x216scalance_xf201-3p_irt_firmwarescalance_x204-2fm_firmwarescalance_x204-2tsscalance_xf204irt_firmwarescalance_x201-3p_irt_pro_firmwarescalance_x204irt_firmwarescalance_xf204scalance_x206-1ldscalance_x224_firmwareSCALANCE XF201-3P IRTSCALANCE XF204-2BA IRTSCALANCE X202-2P IRTSCALANCE X202-2P IRT PROSCALANCE X204-2TSSCALANCE X206-1SCALANCE XF204IRTSCALANCE X204IRTSCALANCE X200-4P IRTSCALANCE X224SCALANCE XF208SCALANCE X208SCALANCE XF204-2SCALANCE X204-2LD TSSCALANCE X208PROSCALANCE X204-2LDSCALANCE X204-2SCALANCE X216SCALANCE X212-2LDSCALANCE X201-3P IRT PROSCALANCE XF206-1SCALANCE X201-3P IRTSCALANCE X206-1LDSCALANCE X212-2SCALANCE XF202-2P IRTSCALANCE X204-2FMSCALANCE XF204SCALANCE X202-2IRTSCALANCE X204IRT PRO
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2019-9102
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.72%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 14:27
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mb3180_firmwaremb3270_firmwaremb3480_firmwaremb3270mb3170_firmwaremb3660mb3170mb3280mb3660_firmwaremb3480mb3180mb3280_firmwaren/a
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2019-16205
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.87%
||
7 Day CHG~0.00%
Published-08 Nov, 2019 | 17:17
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.

Action-Not Available
Vendor-Brocade Communications Systems, Inc. (Broadcom Inc.)Broadcom Inc.
Product-brocade_sannavBrocade SANnav
CWE ID-CWE-330
Use of Insufficiently Random Values
Details not found