CVE-2022-4098

Name: CVE-2022-4098
Creator: NVD / NIST
Published: 2022-12-13T08:15:10.283+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8/10EPSS 0.34%

Last modified Jun 17, 2026

CVE-2022-4098 is a high-severity vulnerability rated 8/10 on the CVSS scale. Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. EPSS estimates a 0.34% chance of exploitation in the next 30 days.

Description

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.

Metrics

CVSS 3.1

8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

0.34%

25.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-290

Affected Software

Vendor	Product	Versions
Wut	Com-Server \+\+ Firmware	< 1.55
Wut	Com-Server 20ma Firmware	< 1.55
Wut	Com-Server Highspeed 100basefx Firmware	< 1.78
Wut	Com-Server Highspeed 100baselx Firmware	< 1.78
Wut	Com-Server Highspeed 19\" 1port Firmware	< 1.78
Wut	Com-Server Highspeed 19\" 4port Firmware	< 1.78
Wut	Com-Server Highspeed Compact Firmware	< 1.78
Wut	Com-Server Highspeed Industry Firmware	< 1.78
Wut	Com-Server Highspeed Isolated Firmware	< 1.78
Wut	Com-Server Highspeed Oem Firmware	< 1.78
Wut	Com-Server Highspeed Office 1port Firmware	< 1.78
Wut	Com-Server Highspeed Office 4port Firmware	< 1.78
Wut	Com-Server Highspeed Poe Firmware	< 1.78
Wut	Com-Server Highspeed Lc Firmware	< 1.55
Wut	Com-Server Highspeed Poe 3x Isolated Firmware	< 1.55
Wut	Com-Server Highspeed Ul Firmware	< 1.55

References

https://cert.vde.com/en/advisories/VDE-2022-057/Vendor Advisory
https://cert.vde.com/en/advisories/VDE-2022-057/Vendor Advisory

Timeline

Published: Dec 13, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-4098?

How severe is CVE-2022-4098?

CVE-2022-4098 has a CVSS score of 8/10 (HIGH severity). The EPSS model estimates a 0.34% probability of exploitation in the next 30 days.

How do I fix CVE-2022-4098?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-4098?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST