Unrated severityNVD Advisory· Published Nov 10, 2022· Updated May 1, 2025

Wiesemann & Theis: Small number space for allocating session id in Com-Server family

CVE-2022-42787

Description

Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.

Affected products

Wiesemann & Theis/Com Server Highspeed Oemv5
Range: 1.0
Wiesemann & Theis/Com Server Highspeed Poev5
Range: 1.0
Wiesemann & Theis/Com Server Highspeed 100baselxv5
Range: 1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert.vde.com/de/advisories/VDE-2022-043mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000