CVE-2022-50975
Session Hijacking via Ethernet Configuration Allows Full Device Access
Publication date: 2026-02-02
Last updated on: 2026-02-02
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ids_innomic_schwingungsmesstechnik_gmbh | vibroline | From 1.4.1074 (inc) to 1.4.1116 (inc) |
| ids_innomic_schwingungsmesstechnik_gmbh | vibroline | From 1.5.1074 (inc) to 1.5.1116 (inc) |
| ids_innomic_schwingungsmesstechnik_gmbh | vibroline | From 2.1.1340 (inc) to 2.1.1387 (inc) |
| ids_innomic_schwingungsmesstechnik_gmbh | vibroline | From 2.1.1866 (inc) |
| ids_innomic_schwingungsmesstechnik_gmbh | vibroline_configurator | From 5.0.2416 (inc) to 5.0.2486 (inc) |
| ids_innomic_schwingungsmesstechnik_gmbh | vibroline_configurator | to 5.1.2730 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50975 is a vulnerability in VibroLine industrial condition monitoring devices by IDS Innomic. It allows an unauthenticated remote attacker to use an existing session ID of a logged-in user to gain full access to the device if Ethernet configuration is enabled. This happens due to improper isolation between Ethernet and USB connections, enabling the attacker to configure or reset the device without proper authorization. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized full access to VibroLine devices, allowing attackers to control or disrupt industrial monitoring functions. This could result in unauthorized configuration changes, device resets, or denial of service, potentially impacting industrial operations that rely on these devices for condition monitoring. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2022-50975, immediately update the firmware on affected VibroLine VLX HD 5.0 devices to version 2.1.1866 or later, which includes a fix and requires a device restart. Additionally, if fixes are not available or for related vulnerabilities, isolate the network from the public internet, restrict access to trusted devices only, and remove extra configuration presets if only one is needed. These steps help prevent unauthorized access and configuration changes. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The CVE-2022-50975 vulnerability allows an unauthenticated remote attacker to gain full access to VibroLine industrial monitoring devices by exploiting an existing session ID if Ethernet configuration is enabled. This unauthorized access could lead to unauthorized control or disruption of monitoring functions.
While the provided resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the ability for an attacker to gain unauthorized access to devices that may process or monitor sensitive industrial data could potentially lead to violations of data protection and security requirements mandated by such regulations.
Organizations using affected VibroLine devices should consider the risk of unauthorized access as a factor in their compliance posture, particularly regarding the confidentiality, integrity, and availability of monitored data. Mitigations such as firmware updates and network isolation are critical to reduce the risk of non-compliance due to this vulnerability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'The CVE-2022-50975 vulnerability affects VibroLine devices with specific vulnerable firmware versions. Detection involves identifying devices running affected firmware versions and checking if Ethernet configuration is enabled.'}, {'type': 'paragraph', 'content': 'To detect vulnerable devices on your network, you can scan for VibroLine devices and query their firmware versions. Since the vulnerability involves unauthorized access via existing session IDs when Ethernet configuration is enabled, verifying device firmware and configuration status is critical.'}, {'type': 'paragraph', 'content': 'While no specific detection commands are provided in the resources, general approaches include:'}, {'type': 'list_item', 'content': 'Use network scanning tools (e.g., nmap) to identify devices by their network signatures or open ports typical for VibroLine devices.'}, {'type': 'list_item', 'content': 'Access device management interfaces (if authorized) to check firmware versions against the vulnerable ranges: VibroLine 4.0 VLE Firmware versions 1.4.1074 to 1.4.1116, VibroLine 4.0 VLX Firmware 1.5.1074 to 1.5.1116, and VibroLine 5.0 Firmware versions 2.1.1340 to 2.1.1387.'}, {'type': 'list_item', 'content': 'Verify if Ethernet configuration is enabled on the device, as the vulnerability requires this setting.'}, {'type': 'paragraph', 'content': 'Example command to scan for devices on a subnet (replace with appropriate IP range):'}, {'type': 'list_item', 'content': 'nmap -p 80,443,502 --open -sV 192.168.1.0/24'}, {'type': 'paragraph', 'content': "This scans for common ports (HTTP, HTTPS, Modbus TCP) that VibroLine devices might use. After identifying devices, further manual or scripted queries to the device's management interface or API can confirm firmware versions and configuration."}, {'type': 'paragraph', 'content': 'Since the vulnerability involves session ID reuse, monitoring for unusual session activity or unauthorized configuration changes on the device logs can also help detect exploitation attempts.'}] [1, 2]