CVE-2022-2302

LENZE: Missing password verification in authorisation procedure

CVSS 9.8 CRITICALEPSS 1.6%CWE-304

Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

LENZE · cabinet c520 LENZE · cabinet c550 LENZE · cabinet c750

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cert.vde.com/en/advisories/VDE-2022-030/