CVE-2022-3575 - Vulnerability Details - OpenCVE

Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Frauscher	Frauscher Diagnostic System 102

Configuration 1 [-]

OR	cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.8.0:::::fadc_r2::
	cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.8.0:::::fadci_r2::
	cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.9.0:::::fadc_r2::
	cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.9.0:::::fadci_r2::
	cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.9.1:::::fadc_r2::
	cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.9.1:::::fadci_r2::

No data.

References

Link	Providers
https://www.frauscher.com/en/psirt

History

Mon, 05 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-11-02T16:15:33.921Z

Updated: 2025-05-05T13:43:51.404Z

Reserved: 2022-10-18T00:00:00.000Z

Link: CVE-2022-3575

Vulnrichment

Updated: 2024-08-03T01:14:02.455Z

NVD

Status : Modified

Published: 2022-11-02T17:15:18.673

Modified: 2024-11-21T07:19:48.033

Link: CVE-2022-3575

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3575", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "datePublished": "2022-11-02T16:15:33.921Z", "dateUpdated": "2025-05-05T13:43:51.404Z", "dateReserved": "2022-10-18T00:00:00.000Z"}, "containers": {"cna": {"title": "Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability", "datePublic": "2022-11-01T00:00:00.000Z", "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2022-11-02T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device."}], "affected": [{"vendor": "Frauscher Sensortechnik", "product": "Diagnostic System FDS102", "versions": [{"version": "v2.8.0", "status": "affected", "lessThanOrEqual": "v2.9.1", "versionType": "custom"}]}], "references": [{"url": "https://www.frauscher.com/en/psirt"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434"}]}], "x_generator": {"engine": "vulnogram 0.1.0-rc1"}, "source": {"defect": ["CERT@VDE#64262"], "discovery": "INTERNAL"}, "solutions": [{"lang": "en", "value": "Update to v2.9.2 or higher."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:14:02.455Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.frauscher.com/en/psirt", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-05T13:43:41.724498Z", "id": "CVE-2022-3575", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T13:43:51.404Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3575", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "datePublished": "2022-11-02T16:15:33.921Z", "dateUpdated": "2025-05-05T13:43:51.404Z", "dateReserved": "2022-10-18T00:00:00.000Z"}, "containers": {"cna": {"title": "Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability", "datePublic": "2022-11-01T00:00:00.000Z", "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2022-11-02T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device."}], "affected": [{"vendor": "Frauscher Sensortechnik", "product": "Diagnostic System FDS102", "versions": [{"version": "v2.8.0", "status": "affected", "lessThanOrEqual": "v2.9.1", "versionType": "custom"}]}], "references": [{"url": "https://www.frauscher.com/en/psirt"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434"}]}], "x_generator": {"engine": "vulnogram 0.1.0-rc1"}, "source": {"defect": ["CERT@VDE#64262"], "discovery": "INTERNAL"}, "solutions": [{"lang": "en", "value": "Update to v2.9.2 or higher."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:14:02.455Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.frauscher.com/en/psirt", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3575", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-05T13:43:41.724498Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T13:43:47.997Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.8.0:*:*:*:*:fadc_r2:*:*", "matchCriteriaId": "F46EB758-1260-40FB-A5D5-87C11CA5964B", "vulnerable": true}, {"criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.8.0:*:*:*:*:fadci_r2:*:*", "matchCriteriaId": "ADB27623-E59D-4062-90AB-7787624971B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.9.0:*:*:*:*:fadc_r2:*:*", "matchCriteriaId": "A66B5545-5CF4-4CD2-93BA-D77D5A889DD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.9.0:*:*:*:*:fadci_r2:*:*", "matchCriteriaId": "FC2D7FAF-C89C-49DC-B85A-BD36E4B7B9A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.9.1:*:*:*:*:fadc_r2:*:*", "matchCriteriaId": "27810BDA-FED1-48CD-B3D8-6B60C0B9195C", "vulnerable": true}, {"criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.9.1:*:*:*:*:fadci_r2:*:*", "matchCriteriaId": "F32CAEB4-0CCD-463D-AAFE-88AD4FF6D3EB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device."}, {"lang": "es", "value": "Frauscher Sensortechnik GmbH FDS102 para FAdC R2 y FAdCi R2 v2.8.0 a v2.9.1 son vulnerables a la carga de c\u00f3digos maliciosos sin autenticaci\u00f3n mediante la funci\u00f3n de carga de configuraci\u00f3n. Esto podr\u00eda provocar un compromiso total del dispositivo FDS102."}], "id": "CVE-2022-3575", "lastModified": "2024-11-21T07:19:48.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2022-11-02T17:15:18.673", "references": [{"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://www.frauscher.com/en/psirt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.frauscher.com/en/psirt"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "info@cert.vde.com", "type": "Secondary"}]}