GCVE - cpe:2.3:a:wiesemann_&_theis:com-server_ul:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:wiesemann_&_theis:com-server_ul:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Wiesemann & Theis (`1d670462-fe11-587d-a320-4167bbd25630`)
Product	Com Server Ul (`364cca26-c924-56a4-a721-fdbbf753cbfd`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-3200`	vulnerable	2026-06-03 15:01:03.971844	Com-Server Exposed via Weak TLS CRITICAL (9.1) An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems. Published: 2025-04-28T09:37:02.366Z Updated: 2025-04-28T12:23:31.446Z Open on db.gcve.eu Reference links https://certvde.com/en/advisories/VDE-2025-031/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-4098`	vulnerable	2026-06-03 14:48:35.067101	Wiesemann & Theis: Multiple products prone to missing authentication through spoofing HIGH (8) Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device. Published: 2022-12-13T07:26:17.752Z Updated: 2025-04-14T18:12:33.668Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2022-057/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-42787`	vulnerable	2026-06-03 14:48:13.063907	Wiesemann & Theis: Small number space for allocating session id in Com-Server family HIGH (8.8) Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required. Published: 2022-11-10T11:06:20.856Z Updated: 2025-05-01T19:01:20.740Z Open on db.gcve.eu Reference links https://cert.vde.com/de/advisories/VDE-2022-043	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-42786`	vulnerable	2026-06-03 14:48:13.062061	Wiesemann & Theis: XSS vulnerability in web interface of the Com-Server family MEDIUM (5.4) Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage Published: 2022-11-10T11:02:32.615Z Updated: 2025-04-29T14:56:50.373Z Open on db.gcve.eu Reference links https://cert.vde.com/de/advisories/VDE-2022-043/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-42785`	vulnerable	2026-06-03 14:48:13.023113	Wiesemann & Theis: Authentication bypass in Com-Server family CRITICAL (9.8) Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request. Published: 2022-11-10T11:01:41.011Z Updated: 2025-05-01T19:02:00.365Z Open on db.gcve.eu Reference links https://cert.vde.com/de/advisories/VDE-2022-043/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.