CVE-2022-45140

Name: CVE-2022-45140
Creator: NVD / NIST
Published: 2023-02-27T15:15:11.503+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.07%

Last modified Jun 17, 2026

CVE-2022-45140 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.. EPSS estimates a 1.07% chance of exploitation in the next 30 days.

Description

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.07%

60.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-306

Affected Software

Vendor	Product	Versions
Wago	751-9301 Firmware	>= 16, < 22
Wago	751-9301 Firmware	22
Wago	751-9301 Firmware	23
Wago	752-8303\/8000-002 Firmware	>= 18, < 22
Wago	752-8303\/8000-002 Firmware	22
Wago	752-8303\/8000-002 Firmware	23
Wago	Pfc100 Firmware	>= 16, < 22
Wago	Pfc100 Firmware	22
Wago	Pfc100 Firmware	23
Wago	Pfc200 Firmware	>= 16, < 22
Wago	Pfc200 Firmware	22
Wago	Pfc200 Firmware	23
Wago	Touch Panel 600 Advanced Firmware	>= 16, < 22
Wago	Touch Panel 600 Advanced Firmware	22
Wago	Touch Panel 600 Advanced Firmware	23
Wago	Touch Panel 600 Marine Firmware	>= 16, < 22
Wago	Touch Panel 600 Marine Firmware	22
Wago	Touch Panel 600 Marine Firmware	23
Wago	Touch Panel 600 Standard Firmware	>= 16, < 22
Wago	Touch Panel 600 Standard Firmware	22
Wago	Touch Panel 600 Standard Firmware	23

References

https://cert.vde.com/en/advisories/VDE-2022-060/Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2022-060/Third Party Advisory

Timeline

Published: Feb 27, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-45140?

How severe is CVE-2022-45140?

CVE-2022-45140 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.07% probability of exploitation in the next 30 days.

How do I fix CVE-2022-45140?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-45140?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST