| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 58666 | AT-Modem-Emulator | < 1.48 |
| 58665 | Com-Server ++ | < 1.48 |
| 58664 | Com-Server 20mA | < 1.48 |
| 58651 | Com-Server Highspeed 100BaseFX | < 1.76 |
| 58652 | Com-Server Highspeed 100BaseLX | < 1.76 |
| 58331 | Com-Server Highspeed 19" 1Port | < 1.76 |
| 58334 | Com-Server Highspeed 19" 4Port | < 1.76 |
| 58231 | Com-Server Highspeed Compact | < 1.76 |
| 58631 | Com-Server Highspeed Industry | < 1.76 |
| 58633 | Com-Server Highspeed Isolated | < 1.76 |
| 58431 | Com-Server Highspeed OEM | < 1.76 |
| 58031 | Com-Server Highspeed Office 1 Port | < 1.76 |
| 58034 | Com-Server Highspeed Office 4 Port | < 1.76 |
| 58641 | Com-Server Highspeed PoE | < 1.76 |
| 58661 | Com-Server LC | < 1.48 |
| 58662 | Com-Server PoE 3 x Isolated | < 1.48 |
| 58669 | Com-Server UL | < 1.48 |
Multiple Wiesemann & Theis product families are affected by multiple vulnerabilities in the web interface.
Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to the his account on the the device.
Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage.
See CVEs for further details.
• Update Com-Server Family to version 1.48 or higher.
• Update the Com-Server Highspeed Family to version 1.76 or higher.
CERT@VDE coordinated with Wiesemann & Theis GmbH