Severity

7.1

Vulnerability Type

Authentication Bypass by Spoofing (CWE-290)

Summary

Multiple Wiesemann & Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. During an authenticated session to the WBM of the Com-Server, an unauthenticated attacker in the same subnet can obtain the session ID and change arbitrary settings by crafting modified HTTP GET requests. This may result in a complete takeover of the device.
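
A defender-side check for the condition described above, as an added example that is not part of the original advisory: it flags a source IP address that reaches the device's WBM from more than one MAC address within a short window, which is how IP spoofing from the same subnet can appear at layer 2. The record format, request paths, addresses and the 300-second window are constructed assumptions, not values from the advisory or the vendor.

```python
from collections import defaultdict

# Constructed sample records (assumption: a sensor on the device's switch port
# logs one record per HTTP request to the WBM). Paths are hypothetical.
# Fields: epoch seconds, source MAC, source IP, HTTP method, request path.
SAMPLE = [
    (1000, "00:11:22:aa:bb:01", "192.0.2.10", "GET", "/index"),
    (1020, "00:11:22:aa:bb:01", "192.0.2.10", "GET", "/config"),
    (1030, "00:11:22:cc:dd:02", "192.0.2.10", "GET", "/config"),  # same IP, new MAC
    (1500, "00:11:22:ee:ff:03", "192.0.2.20", "GET", "/index"),
    (9000, "00:11:22:ee:ff:04", "192.0.2.20", "GET", "/index"),   # long gap, e.g. new lease
]


def find_ip_mac_conflicts(records, window=300):
    """Return one alert per request whose source IP was used by a
    different MAC address within the previous `window` seconds."""
    last_seen = defaultdict(dict)  # src_ip -> {mac: timestamp of last request}
    alerts = []
    for ts, mac, ip, method, path in sorted(records):
        for other_mac, other_ts in last_seen[ip].items():
            if other_mac != mac and ts - other_ts <= window:
                alerts.append({
                    "ip": ip,
                    "known_mac": other_mac,
                    "new_mac": mac,
                    "time": ts,
                    "request": f"{method} {path}",
                })
        last_seen[ip][mac] = ts
    return alerts


if __name__ == "__main__":
    for alert in find_ip_mac_conflicts(SAMPLE):
        print(alert)
```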

Impact

no impact information found