CVE-2022-42787

Wiesemann & Theis: Small number space for allocating session id in Com-Server family

Description

Multiple W&T products of the Com-Server series use a small number space for allocating session IDs. After a user logs in, an unauthenticated remote attacker can brute-force that user's session ID and gain access to their account on the device. Because a user must have logged in for the attack to succeed, user interaction is required.
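The advisory does not state how large the Com-Server session-ID space is, only that it is small. The following is an added example, not code from W&T or from the advisory: a hypothetical in-memory session store whose only tunable is the number of random bits in the ID, an exhaustive guesser that plays the unauthenticated attacker, and two checks a practitioner would want when triaging this class of bug: the expected number of guesses for a given ID width and a rough entropy bound inferred from IDs captured in a test lab. The 16-bit and 128-bit widths are assumed values chosen to contrast a weak and a strong configuration.

```python
"""Added example (hypothetical, not the Com-Server firmware): why a small
session-id space is brute-forceable, and how a strong space is not."""
import math
import secrets
from typing import Dict, List, Optional


class SessionStore:
    """Toy session table keyed by the session id (constructed for illustration)."""

    def __init__(self, id_bits: int) -> None:
        if id_bits % 4:
            raise ValueError("id_bits must be a multiple of 4 (hex digits)")
        self.id_bits = id_bits
        self.hex_len = id_bits // 4
        self.sessions: Dict[str, str] = {}

    def login(self, user: str) -> str:
        # The generator is a CSPRNG in both configurations; the only thing
        # that differs between "weak" and "strong" is the size of the space.
        sid = format(secrets.randbelow(1 << self.id_bits), f"0{self.hex_len}x")
        self.sessions[sid] = user
        return sid

    def lookup(self, sid: str) -> Optional[str]:
        """Return the user bound to sid, or None if the id is not live."""
        return self.sessions.get(sid)


def brute_force(store: SessionStore, max_attempts: int) -> Dict[str, object]:
    """Unauthenticated attacker: walk the id space until a live id is found.

    The attacker never learns a valid id; every candidate is simply tried
    against the store, as the advisory describes.
    """
    attempts = 0
    for candidate in range(1 << store.id_bits):
        if attempts >= max_attempts:
            break
        attempts += 1
        sid = format(candidate, f"0{store.hex_len}x")
        user = store.lookup(sid)
        if user is not None:
            return {"hijacked": True, "user": user, "sid": sid, "attempts": attempts}
    return {"hijacked": False, "user": None, "sid": None, "attempts": attempts}


def expected_guesses(id_bits: int, live_sessions: int = 1) -> float:
    """Expected guesses before hitting one of `live_sessions` valid ids
    when the ids are uniform in a space of 2**id_bits."""
    return (2 ** id_bits) / (live_sessions + 1)


def time_to_hijack_seconds(id_bits: int, requests_per_second: float,
                           live_sessions: int = 1) -> float:
    """Expected wall-clock time for the attack at a given request rate."""
    return expected_guesses(id_bits, live_sessions) / requests_per_second


def observed_id_space_bits(samples: List[str]) -> float:
    """Rough upper bound on id entropy from ids captured in a lab:
    length * log2(alphabet size). Assumes fixed-length ids over one charset."""
    alphabet = set("".join(samples))
    return len(samples[0]) * math.log2(len(alphabet))


def demo() -> Dict[str, object]:
    weak = SessionStore(id_bits=16)       # assumed tiny space: 65,536 ids
    weak.login("admin")                   # victim logs in (the required interaction)
    weak_result = brute_force(weak, max_attempts=1 << 16)

    strong = SessionStore(id_bits=128)    # 128 random bits
    strong.login("admin")
    strong_result = brute_force(strong, max_attempts=100_000)  # bounded; never finishes

    return {
        "weak": weak_result,
        "strong": strong_result,
        "weak_seconds_at_1k_rps": time_to_hijack_seconds(16, 1000.0),
        "strong_years_at_1k_rps": time_to_hijack_seconds(128, 1000.0) / (365.25 * 86400),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The useful takeaway is in the numbers: at a 16-bit space the exhaustive search always succeeds within 65,536 requests and, at a thousand requests per second, is expected to take about half a minute, while a 128-bit space is out of reach at any rate. When testing a real device, capture a handful of session IDs and feed them to observed_id_space_bits; a short, low-entropy bound is the signal that this advisory's attack applies.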

CVSS 3.1 base score: 8.8 (Severity: High)
EPSS: 0.67% (top 30%)
Vendor Advisory: vde.com
Affected: Wiesemann & Theis Com-Server LC
Affected: Wiesemann & Theis Com-Server PoE 3 x Isolated
Affected: Wiesemann & Theis Com-Server 20mA
Affected: Wiesemann & Theis Com-Server ++
Affected: Wiesemann & Theis AT-Modem-Emulator
Affected: Wiesemann & Theis Com-Server UL
Affected: Wiesemann & Theis Com-Server Highspeed 100BaseFX
Affected: Wiesemann & Theis Com-Server Highspeed 100BaseLX
Affected: Wiesemann & Theis Com-Server Highspeed Office 1 Port
Affected: Wiesemann & Theis Com-Server Highspeed Office 4 Port
Affected: Wiesemann & Theis Com-Server Highspeed Industry
Affected: Wiesemann & Theis Com-Server Highspeed OEM
Affected: Wiesemann & Theis Com-Server Highspeed Compact
Affected: Wiesemann & Theis Com-Server Highspeed Isolated
Affected: Wiesemann & Theis Com-Server Highspeed 19" 1Port
Affected: Wiesemann & Theis Com-Server Highspeed 19" 4Port
Affected: Wiesemann & Theis Com-Server Highspeed PoE

Frequently Asked Questions

What is the severity of CVE-2022-42787?
CVE-2022-42787 has been scored as a high severity vulnerability.
How to fix CVE-2022-42787?
To fix CVE-2022-42787, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes and the vendor advisory. At present, there are no other specific guidelines available.
Is CVE-2022-42787 being actively exploited in the wild?
At present, there is no information confirming that CVE-2022-42787 is being actively exploited. According to its EPSS score (0.67%), there is a probability of roughly 1% that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-42787?
CVE-2022-42787 affects Wiesemann & Theis Com-Server LC, Wiesemann & Theis Com-Server PoE 3 x Isolated, Wiesemann & Theis Com-Server 20mA, Wiesemann & Theis Com-Server ++, Wiesemann & Theis AT-Modem-Emulator, Wiesemann & Theis Com-Server UL, Wiesemann & Theis Com-Server Highspeed 100BaseFX, Wiesemann & Theis Com-Server Highspeed 100BaseLX, Wiesemann & Theis Com-Server Highspeed Office 1 Port, Wiesemann & Theis Com-Server Highspeed Office 4 Port, Wiesemann & Theis Com-Server Highspeed Industry, Wiesemann & Theis Com-Server Highspeed OEM, Wiesemann & Theis Com-Server Highspeed Compact, Wiesemann & Theis Com-Server Highspeed Isolated, Wiesemann & Theis Com-Server Highspeed 19" 1Port, Wiesemann & Theis Com-Server Highspeed 19" 4Port, Wiesemann & Theis Com-Server Highspeed PoE.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.