What is CVE-2022-2302?

CVE-2022-2302 is a critical-severity vulnerability in Lenze Cabinet C520, classified under Missing Critical Step in Authentication. CVSS score: 9.8/10. Published 2022-07-11.

How severe is CVE-2022-2302?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Lenze Cabinet C520

CVE-2022-2302

Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password.

EPSS: 0.007 (72.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenze Cabinet C520 — versions V01.07.00.2757
Lenze Cabinet C550 — versions V01.07.00.2757
Lenze Cabinet C750 — versions V01.07.00.2757

Weakness classification (CWE)

CWE-304 — Missing Critical Step in Authentication

References

cert.vde.com/en/advisories/VDE-2022-030/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-2302?: CVE-2022-2302 is a critical-severity vulnerability in Lenze Cabinet C520, classified under Missing Critical Step in Authentication. CVSS score: 9.8/10. Published 2022-07-11.
How severe is CVE-2022-2302?: Critical severity. CVSS v3 base score is 9.8 out of 10.