SpirityCVE

CVE-2022-50975 - Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated access to device configuration

An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Avibia	Avibialine Avlx1 Hd Avibialine Avlx2 Hd Avibialine Avlx4 Hd Avibialine Avlx6 Hd Avibialine Avlx8 Hd
Innomic	Avibialine Avle1 Hd Avibialine Avle2 Hd Avibialine Avle4 Hd Avibialine Avle6 Hd Avibialine Avle8 Hd Vibroline Vle1 Hd Vibroline Vle2 Hd Vibroline Vle4 Hd Vibroline Vle6 Hd Vibroline Vle8 Hd Vibroline Vlx1 Hd Vibroline Vlx2 Hd Vibroline Vlx4 Hd Vibroline Vlx6 Hd Vibroline Vlx8 Hd

No data.

References

Link	Providers
https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.html
https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json

History

Wed, 04 Feb 2026 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Avibia Avibia avibialine Avlx1 Hd Avibia avibialine Avlx2 Hd Avibia avibialine Avlx4 Hd Avibia avibialine Avlx6 Hd Avibia avibialine Avlx8 Hd Innomic Innomic avibialine Avle1 Hd Innomic avibialine Avle2 Hd Innomic avibialine Avle4 Hd Innomic avibialine Avle6 Hd Innomic avibialine Avle8 Hd Innomic vibroline Vle1 Hd Innomic vibroline Vle2 Hd Innomic vibroline Vle4 Hd Innomic vibroline Vle6 Hd Innomic vibroline Vle8 Hd Innomic vibroline Vlx1 Hd Innomic vibroline Vlx2 Hd Innomic vibroline Vlx4 Hd Innomic vibroline Vlx6 Hd Innomic vibroline Vlx8 Hd
Vendors & Products		Avibia Avibia avibialine Avlx1 Hd Avibia avibialine Avlx2 Hd Avibia avibialine Avlx4 Hd Avibia avibialine Avlx6 Hd Avibia avibialine Avlx8 Hd Innomic Innomic avibialine Avle1 Hd Innomic avibialine Avle2 Hd Innomic avibialine Avle4 Hd Innomic avibialine Avle6 Hd Innomic avibialine Avle8 Hd Innomic vibroline Vle1 Hd Innomic vibroline Vle2 Hd Innomic vibroline Vle4 Hd Innomic vibroline Vle6 Hd Innomic vibroline Vle8 Hd Innomic vibroline Vlx1 Hd Innomic vibroline Vlx2 Hd Innomic vibroline Vlx4 Hd Innomic vibroline Vlx6 Hd Innomic vibroline Vlx8 Hd

Mon, 02 Feb 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 02 Feb 2026 14:30:00 +0000

Type	Values Removed	Values Added
Description		An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.
Title		Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated access to device configuration
Weaknesses		CWE-346
References		https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.html https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-02-02T14:07:32.421Z

Updated: 2026-02-02T17:26:33.533Z

Reserved: 2026-01-12T08:05:55.994Z

Link: CVE-2022-50975

Vulnrichment

Updated: 2026-02-02T17:26:27.799Z

NVD

Status : Awaiting Analysis

Published: 2026-02-02T15:16:27.933

Modified: 2026-02-03T16:44:36.630

Link: CVE-2022-50975

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object