Unrated severityNVD Advisory· Published Dec 13, 2022· Updated Apr 14, 2025

Wiesemann & Theis: Multiple products prone to missing authentication through spoofing

CVE-2022-4098

Description

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.

Affected products

Wiesemann & Theis/Com Server Highspeed Oemv5
Range: 0
Wiesemann & Theis/Com Server Highspeed Poev5
Range: 0
Wiesemann & Theis/Com Server Highspeed 100baselxv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert.vde.com/en/advisories/VDE-2022-057/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000