CVE-2022-50975
Unknown Unknown - Not Provided
Session Hijacking via Ethernet Configuration Allows Full Device Access

Publication date: 2026-02-02

Last updated on: 2026-02-02

Assigner: CERT VDE

Description
An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-02
Last Modified
2026-02-02
Generated
2026-06-16
AI Q&A
2026-02-03
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50975
EUVD
EUVD-2022-55952
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
ids_innomic_schwingungsmesstechnik_gmbh vibroline From 1.4.1074 (inc) to 1.4.1116 (inc)
ids_innomic_schwingungsmesstechnik_gmbh vibroline From 1.5.1074 (inc) to 1.5.1116 (inc)
ids_innomic_schwingungsmesstechnik_gmbh vibroline From 2.1.1340 (inc) to 2.1.1387 (inc)
ids_innomic_schwingungsmesstechnik_gmbh vibroline From 2.1.1866 (inc)
ids_innomic_schwingungsmesstechnik_gmbh vibroline_configurator From 5.0.2416 (inc) to 5.0.2486 (inc)
ids_innomic_schwingungsmesstechnik_gmbh vibroline_configurator to 5.1.2730 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-346 The product does not properly verify that the source of data or communication is valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The CVE-2022-50975 vulnerability allows an unauthenticated remote attacker to gain full access to VibroLine industrial monitoring devices by exploiting an existing session ID if Ethernet configuration is enabled. This unauthorized access could lead to unauthorized control or disruption of monitoring functions.

While the provided resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the ability for an attacker to gain unauthorized access to devices that may process or monitor sensitive industrial data could potentially lead to violations of data protection and security requirements mandated by such regulations.

Organizations using affected VibroLine devices should consider the risk of unauthorized access as a factor in their compliance posture, particularly regarding the confidentiality, integrity, and availability of monitored data. Mitigations such as firmware updates and network isolation are critical to reduce the risk of non-compliance due to this vulnerability.

Executive Summary

CVE-2022-50975 is a vulnerability in VibroLine industrial condition monitoring devices by IDS Innomic. It allows an unauthenticated remote attacker to use an existing session ID of a logged-in user to gain full access to the device if Ethernet configuration is enabled. This happens due to improper isolation between Ethernet and USB connections, enabling the attacker to configure or reset the device without proper authorization. [1, 2]

Impact Analysis

This vulnerability can lead to unauthorized full access to VibroLine devices, allowing attackers to control or disrupt industrial monitoring functions. This could result in unauthorized configuration changes, device resets, or denial of service, potentially impacting industrial operations that rely on these devices for condition monitoring. [1, 2]

Mitigation Strategies

To mitigate CVE-2022-50975, immediately update the firmware on affected VibroLine VLX HD 5.0 devices to version 2.1.1866 or later, which includes a fix and requires a device restart. Additionally, if fixes are not available or for related vulnerabilities, isolate the network from the public internet, restrict access to trusted devices only, and remove extra configuration presets if only one is needed. These steps help prevent unauthorized access and configuration changes. [2]

Detection Guidance

[{'type': 'paragraph', 'content': 'The CVE-2022-50975 vulnerability affects VibroLine devices with specific vulnerable firmware versions. Detection involves identifying devices running affected firmware versions and checking if Ethernet configuration is enabled.'}, {'type': 'paragraph', 'content': 'To detect vulnerable devices on your network, you can scan for VibroLine devices and query their firmware versions. Since the vulnerability involves unauthorized access via existing session IDs when Ethernet configuration is enabled, verifying device firmware and configuration status is critical.'}, {'type': 'paragraph', 'content': 'While no specific detection commands are provided in the resources, general approaches include:'}, {'type': 'list_item', 'content': 'Use network scanning tools (e.g., nmap) to identify devices by their network signatures or open ports typical for VibroLine devices.'}, {'type': 'list_item', 'content': 'Access device management interfaces (if authorized) to check firmware versions against the vulnerable ranges: VibroLine 4.0 VLE Firmware versions 1.4.1074 to 1.4.1116, VibroLine 4.0 VLX Firmware 1.5.1074 to 1.5.1116, and VibroLine 5.0 Firmware versions 2.1.1340 to 2.1.1387.'}, {'type': 'list_item', 'content': 'Verify if Ethernet configuration is enabled on the device, as the vulnerability requires this setting.'}, {'type': 'paragraph', 'content': 'Example command to scan for devices on a subnet (replace with appropriate IP range):'}, {'type': 'list_item', 'content': 'nmap -p 80,443,502 --open -sV 192.168.1.0/24'}, {'type': 'paragraph', 'content': "This scans for common ports (HTTP, HTTPS, Modbus TCP) that VibroLine devices might use. After identifying devices, further manual or scripted queries to the device's management interface or API can confirm firmware versions and configuration."}, {'type': 'paragraph', 'content': 'Since the vulnerability involves session ID reuse, monitoring for unusual session activity or unauthorized configuration changes on the device logs can also help detect exploitation attempts.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50975. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart