Share: Email | Twitter

ID

VDE-2022-057

Published

2022-12-13 08:00 (CET)

Last update

2022-12-13 08:18 (CET)

Vendor(s)

Wiesemann & Theis GmbH

Product(s)

Article No┬░ Product Name Affected Version(s)
58665 Com-Server ++ < 1.55
58664 Com-Server 20mA < 1.55
58651 Com-Server Highspeed 100BaseFX < 1.78
58652 Com-Server Highspeed 100BaseLX < 1.78
58331 Com-Server Highspeed 19" 1Port < 1.78
58334 Com-Server Highspeed 19" 4Port < 1.78
58231 Com-Server Highspeed Compact < 1.78
58631 Com-Server Highspeed Industry < 1.78
58633 Com-Server Highspeed Isolated < 1.78
58431 Com-Server Highspeed OEM < 1.78
58031 Com-Server Highspeed Office 1 Port < 1.78
58034 Com-Server Highspeed Office 4 Port < 1.78
58641 Com-Server Highspeed PoE < 1.78
58661 Com-Server LC < 1.55
58662 Com-Server PoE 3 x Isolated < 1.55
58669 Com-Server UL < 1.55

Summary

Multiple Wiesemann & Theis product families are affected by a vulnerability in the web interface. The device allows an unauthenticated attacker to get the session ID of a logged in user. He may then spoof his IP address to act as the logged in user.


Last Update:

Dec. 13, 2022, 10:34 a.m.

Weakness

Authentication Bypass by Spoofing  (CWE-290) 

Summary

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. During an authenticated session to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.


Impact

The attacker can set all settings and take over the device completely.

Solution

  • Update Com-Server family to version 1.55 or higher
  • Update Com-Server Highspeed family to version 1.78 or higher

Reported by

CERT@VDE coordinated with Wiesemann & Theis
Wiesemann & Theis would like to thank Martin Weiß for responsibly disclosing this vulnerability.