CVE-2022-42786: VDE-2022-043 | CERT@VDE
Wiesemann & Theis: Multiple Vulnerabilities in the Com-Server Family
**Published:** 2022-11-07 12:43 (CET)
**Last update:** 2022-11-07 13:14 (CET)
**Vendor(s):** Wiesemann & Theis GmbH
**Product(s)**

| Article No. | Product Name | Affected Version(s) |
|---|---|---|
| 58666 | AT-Modem-Emulator | < 1.48 |
| 58665 | Com-Server ++ | < 1.48 |
| 58664 | Com-Server 20mA | < 1.48 |
| 58651 | Com-Server Highspeed 100BaseFX | < 1.76 |
| 58652 | Com-Server Highspeed 100BaseLX | < 1.76 |
| 58331 | Com-Server Highspeed 19" 1Port | < 1.76 |
| 58334 | Com-Server Highspeed 19" 4Port | < 1.76 |
| 58231 | Com-Server Highspeed Compact | < 1.76 |
| 58631 | Com-Server Highspeed Industry | < 1.76 |
| 58633 | Com-Server Highspeed Isolated | < 1.76 |
| 58431 | Com-Server Highspeed OEM | < 1.76 |
| 58031 | Com-Server Highspeed Office 1 Port | < 1.76 |
| 58034 | Com-Server Highspeed Office 4 Port | < 1.76 |
| 58641 | Com-Server Highspeed PoE | < 1.76 |
| 58661 | Com-Server LC | < 1.48 |
| 58662 | Com-Server PoE 3 x Isolated | < 1.48 |
| 58669 | Com-Server UL | < 1.48 |
**Summary**

Multiple Wiesemann & Theis product families are affected by multiple vulnerabilities in the web interface.
**Vulnerabilities**

**Weakness:** Missing Authentication for Critical Function (CWE-306)
**Summary:** Multiple W&T products of the ComServer series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET request.

**Weakness:** Small Space of Random Values (CWE-334)
**Summary:** Multiple W&T products of the ComServer series use a small number space for allocating session IDs. An unauthenticated remote attacker can brute-force the session ID and gain access to an account on the device.

**Weakness:** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
**Summary:** Multiple W&T products of the ComServer series are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration web page.
**Impact**

See CVEs for further details.
**Solution**

• Update the Com-Server family to version 1.48 or higher.
• Update the Com-Server Highspeed family to version 1.76 or higher.
**Reported by**

CERT@VDE coordinated with Wiesemann & Theis GmbH