← back
CVE-2022-50975

Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated access to device configuration

CVSS 8.8 HIGHEPSS 0.2%CWE-346
An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
avibia · AvibiaLine AVLX1 HD 5.0avibia · AvibiaLine AVLX2 HD 5.0avibia · AvibiaLine AVLX4 HD 5.0avibia · AvibiaLine AVLX6 HD 5.0avibia · AvibiaLine AVLX8 HD 5.0Innomic · AvibiaLine AVLE1 HD 5.0Innomic · AvibiaLine AVLE2 HD 5.0Innomic · AvibiaLine AVLE4 HD 5.0Innomic · AvibiaLine AVLE6 HD 5.0Innomic · AvibiaLine AVLE8 HD 5.0Innomic · VibroLine VLE1 HD 4.0Innomic · VibroLine VLE1 HD 5.0Innomic · VibroLine VLE2 HD 4.0Innomic · VibroLine VLE2 HD 5.0Innomic · VibroLine VLE4 HD 4.0Innomic · VibroLine VLE4 HD 5.0Innomic · VibroLine VLE6 HD 4.0Innomic · VibroLine VLE6 HD 5.0Innomic · VibroLine VLE8 HD 4.0Innomic · VibroLine VLE8 HD 5.0Innomic · VibroLine VLX1 HD 4.0Innomic · VibroLine VLX1 HD 5.0Innomic · VibroLine VLX2 HD 4.0Innomic · VibroLine VLX2 HD 5.0Innomic · VibroLine VLX4 HD 4.0Innomic · VibroLine VLX4 HD 5.0Innomic · VibroLine VLX6 HD 4.0Innomic · VibroLine VLX6 HD 5.0Innomic · VibroLine VLX8 HD 4.0Innomic · VibroLine VLX8 HD 5.0

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.htmlhttps://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json