CVE-2023-5222

Name of the Vulnerable Software and Affected Versions Viessmann Vitogate 300 versions up to 2.1.3.0

Description A critical vulnerability was found in the Web Management Interface component of Viessmann Vitogate 300. This issue affects the isValidUser function of the file /cgi-bin/vitogate.cgi, leading to the use of a hard-coded password. The exploit has been disclosed publicly and may be used. The vulnerability is being actively exploited.

Recommendations For versions up to 2.1.3.0, as a temporary workaround, consider disabling the isValidUser function until a patch is available. Restrict access to the /cgi-bin/vitogate.cgi file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.