Wiesemann&Theis · Wiesemann&Theis Comserver Series · CVE-2022-4098
**Name of the Vulnerable Software and Affected Versions**
Wiesemann&Theis ComServer Series (affected versions not specified)
**Description**
The issue allows an unauthenticated attacker in the same subnet to bypass authentication through IP spoofing. After a user logs in to the WBM of the Com-Server, the attacker can obtain the session ID. By crafting modified HTTP Get requests, the attacker can change arbitrary settings, potentially resulting in a complete takeover of the device.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.