CVE-2022-45138

Name: CVE-2022-45138
Creator: NVD / NIST
Published: 2023-02-27T15:15:11.317+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 0.74%

Last modified Jun 17, 2026

CVE-2022-45138 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.. EPSS estimates a 0.74% chance of exploitation in the next 30 days.

Description

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.74%

49.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-306

Affected Software

Vendor	Product	Versions
Wago	751-9301 Firmware	>= 16, < 22
Wago	751-9301 Firmware	22
Wago	751-9301 Firmware	23
Wago	752-8303\/8000-002 Firmware	>= 18, < 22
Wago	752-8303\/8000-002 Firmware	22
Wago	752-8303\/8000-002 Firmware	23
Wago	Pfc100 Firmware	>= 16, < 22
Wago	Pfc100 Firmware	22
Wago	Pfc100 Firmware	23
Wago	Pfc200 Firmware	>= 16, < 22
Wago	Pfc200 Firmware	22
Wago	Pfc200 Firmware	23
Wago	Touch Panel 600 Advanced Firmware	>= 16, < 22
Wago	Touch Panel 600 Advanced Firmware	22
Wago	Touch Panel 600 Advanced Firmware	23
Wago	Touch Panel 600 Marine Firmware	>= 16, < 22
Wago	Touch Panel 600 Marine Firmware	22
Wago	Touch Panel 600 Marine Firmware	23
Wago	Touch Panel 600 Standard Firmware	>= 16, < 22
Wago	Touch Panel 600 Standard Firmware	22
Wago	Touch Panel 600 Standard Firmware	23

References

https://cert.vde.com/en/advisories/VDE-2022-060/Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2022-060/Third Party Advisory

Timeline

Published: Feb 27, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-45138?

How severe is CVE-2022-45138?

CVE-2022-45138 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.74% probability of exploitation in the next 30 days.

How do I fix CVE-2022-45138?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-45138?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST