Search criteria
18 vulnerabilities found for touch_panel_600_advanced_firmware by wago
CVE-2023-3379 (GCVE-0-2023-3379)
Vulnerability from nvd – Published: 2023-11-20 07:23 – Updated: 2024-10-02 05:34
VLAI?
Title
WAGO: Improper Privilege Management in web-based management
Summary
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
Severity ?
5.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller 100 (751-9301) |
Affected:
0 , ≤ FW25
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Panagiotis Bellonias from Secura
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-015/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller 100 (751-9301)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 (750-810x/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22 Patch 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 (750-820x/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 (750-821x/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22 Patch 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line (762-5xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line (762-6xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line (762-4xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller (752-8303/8000-002)",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Panagiotis Bellonias from Secura"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges."
}
],
"value": "Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:34:25.860Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-015/"
}
],
"source": {
"advisory": "VDE-2023-015",
"defect": [
"CERT@VDE#64549"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Improper Privilege Management in web-based management",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-3379",
"datePublished": "2023-11-20T07:23:41.887Z",
"dateReserved": "2023-06-23T09:01:09.552Z",
"dateUpdated": "2024-10-02T05:34:25.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4089 (GCVE-0-2023-4089)
Vulnerability from nvd – Published: 2023-10-17 06:00 – Updated: 2025-02-27 20:40
VLAI?
Title
WAGO: Multiple products vulnerable to local file inclusion
Summary
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
Severity ?
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 |
Affected:
FW19 , ≤ FW26
(semver)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Floris Hendriks and Jeroen Wijenbergh from Radboud University
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:11.155380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:40:32.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW19",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW18",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Floris Hendriks and Jeroen Wijenbergh from Radboud University"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
}
],
"value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T06:00:28.908Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
}
],
"source": {
"advisory": "VDE-2023-046",
"defect": [
"CERT@VDE#64532"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Multiple products vulnerable to local file inclusion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-4089",
"datePublished": "2023-10-17T06:00:28.908Z",
"dateReserved": "2023-08-02T07:20:35.600Z",
"dateUpdated": "2025-02-27T20:40:32.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1698 (GCVE-0-2023-1698)
Vulnerability from nvd – Published: 2023-05-15 08:51 – Updated: 2025-01-23 19:13
VLAI?
Title
WAGO: WBM Command Injection in multiple products
Summary
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 |
Affected:
FW20 , ≤ FW22
(semver)
Affected: FW23 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Quentin Kaiser from ONEKEY
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T19:12:48.907770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T19:13:09.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW20",
"versionType": "semver"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW20",
"versionType": "semver"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW20",
"versionType": "semver"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Quentin Kaiser from ONEKEY"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
}
],
"value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T08:51:27.453Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
}
],
"source": {
"advisory": "VDE-2023-007",
"defect": [
"CERT@VDE#64422"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: WBM Command Injection in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1698",
"datePublished": "2023-05-15T08:51:27.453Z",
"dateReserved": "2023-03-29T13:00:05.618Z",
"dateUpdated": "2025-01-23T19:13:09.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45140 (GCVE-0-2022-45140)
Vulnerability from nvd – Published: 2023-02-27 14:36 – Updated: 2025-03-10 17:46
VLAI?
Title
WAGO: Missing Authentication for Critical Function
Summary
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 (751-9301) |
Affected:
FW16 , < FW22
(custom)
Unaffected: FW22 Patch 1 Affected: FW23 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:55.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T17:46:43.476712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T17:46:52.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100 (751-9301)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller (752-8303/8000-002)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 (750-81xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 (750-82xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line (762-5xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line (762-6xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line (762-4xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise."
}
],
"value": "The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-27T14:36:39.448Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"source": {
"defect": [
"CERT@VDE#64160"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Missing Authentication for Critical Function ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-45140",
"datePublished": "2023-02-27T14:36:39.448Z",
"dateReserved": "2022-11-10T09:46:59.080Z",
"dateUpdated": "2025-03-10T17:46:52.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45139 (GCVE-0-2022-45139)
Vulnerability from nvd – Published: 2023-02-27 14:36 – Updated: 2025-03-10 17:46
VLAI?
Title
WAGO: Origin validation error through CORS misconfiguration
Summary
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.
Severity ?
5.3 (Medium)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 (751-9301) |
Affected:
FW16 , < FW22
(custom)
Unaffected: FW22 Patch 1 Affected: FW23 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:55.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T17:45:54.261351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T17:46:16.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100 (751-9301)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller (752-8303/8000-002)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW18",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 (750-81xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 (750-82xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line (762-5xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line (762-6xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line (762-4xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality."
}
],
"value": "A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-27T14:36:32.016Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"source": {
"defect": [
"CERT@VDE#64160"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Origin validation error through CORS misconfiguration",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-45139",
"datePublished": "2023-02-27T14:36:32.016Z",
"dateReserved": "2022-11-10T09:46:59.080Z",
"dateUpdated": "2025-03-10T17:46:16.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45138 (GCVE-0-2022-45138)
Vulnerability from nvd – Published: 2023-02-27 14:36 – Updated: 2025-03-10 17:20
VLAI?
Title
WAGO: Missing Authentication for Critical Function
Summary
The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 (751-9301) |
Affected:
FW16 , < FW22
(custom)
Unaffected: FW22 Patch 1 Affected: FW23 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:55.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T17:20:33.215201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T17:20:50.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100 (751-9301)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller (752-8303/8000-002)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW18",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 (750-81xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 (750-82xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line (762-5xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line (762-6xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line (762-4xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device."
}
],
"value": "The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-27T14:36:20.474Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"source": {
"defect": [
"CERT@VDE#64160"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-45138",
"datePublished": "2023-02-27T14:36:20.474Z",
"dateReserved": "2022-11-10T09:46:59.079Z",
"dateUpdated": "2025-03-10T17:20:50.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45137 (GCVE-0-2022-45137)
Vulnerability from nvd – Published: 2023-02-27 14:36 – Updated: 2024-08-03 14:09
VLAI?
Title
WAGO: Reflective Cross-Site Scripting
Summary
The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 (751-9301) |
Affected:
FW16 , < FW22
(custom)
Unaffected: FW22 Patch 1 Affected: FW23 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100 (751-9301)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller (752-8303/8000-002)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW18",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 (750-81xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 (750-82xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line (762-5xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line (762-6xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line (762-4xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability."
}
],
"value": "The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-27T14:36:03.411Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"source": {
"defect": [
"CERT@VDE#64160"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Reflective Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-45137",
"datePublished": "2023-02-27T14:36:03.411Z",
"dateReserved": "2022-11-10T09:46:59.079Z",
"dateUpdated": "2024-08-03T14:09:56.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3738 (GCVE-0-2022-3738)
Vulnerability from nvd – Published: 2023-01-19 11:27 – Updated: 2025-04-02 14:55
VLAI?
Title
WAGO: Missing authentication for config export functionality in multiple products
Summary
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.
Severity ?
5.9 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Series WAGO PFC100 |
Affected:
FW16 , ≤ FW22
(semver)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-054/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T14:55:30.723734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T14:55:51.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Series WAGO PFC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Series WAGO PFC200",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Series WAGO Touch Panel 600 Advanced Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Series WAGO Touch Panel 600 Marine Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Series WAGO Touch Panel 600 Standard Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WAGO Compact Controller CC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WAGO Edge Controller",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-01-12T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T09:43:18.629Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-054/"
}
],
"source": {
"advisory": "VDE-2022-054",
"defect": [
"CERT@VDE#64273"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Missing authentication for config export functionality in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-3738",
"datePublished": "2023-01-19T11:27:51.814Z",
"dateReserved": "2022-10-28T07:18:40.653Z",
"dateUpdated": "2025-04-02T14:55:51.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12522 (GCVE-0-2020-12522)
Vulnerability from nvd – Published: 2020-12-17 22:40 – Updated: 2024-09-16 18:14
VLAI?
Title
Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10
Summary
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
Severity ?
10 (Critical)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Series PFC 100 (750-81xx/xxx-xxx) |
Affected:
FW1 , ≤ FW10
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
This vulnerability was originally found by Florian Seidel of WAGO and was rediscovered by Uri Katz of Claroty. We thank CERT@VDE for the management of this coordinated disclosure.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Series PFC 100 (750-81xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"product": "Series PFC 200 (750-82xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"product": "Series Wago Touch Panel 600 Standard Line (762-4xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"product": "Series Wago Touch Panel 600 Advanced Line (762-5xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"product": "Series Wago Touch Panel 600 Marine Line (762-6xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was originally found by Florian Seidel of WAGO and was rediscovered by Uri Katz of Claroty. We thank CERT@VDE for the management of this coordinated disclosure."
}
],
"datePublic": "2020-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions \u003c=FW10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T22:40:48",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
}
],
"solutions": [
{
"lang": "en",
"value": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless to the action described above, the vulnerability has been fixed in FW11, released in December 2017."
}
],
"source": {
"advisory": "VDE-2020-045",
"defect": [
"VDE-2020-045"
],
"discovery": "INTERNAL"
},
"title": "Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions \u003c=FW10",
"workarounds": [
{
"lang": "en",
"value": "Disable I/O-Check service\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-12-17T09:00:00.000Z",
"ID": "CVE-2020-12522",
"STATE": "PUBLIC",
"TITLE": "Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions \u003c=FW10"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Series PFC 100 (750-81xx/xxx-xxx)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "FW1",
"version_value": "FW10"
}
]
}
},
{
"product_name": "Series PFC 200 (750-82xx/xxx-xxx)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "FW1",
"version_value": "FW10"
}
]
}
},
{
"product_name": "Series Wago Touch Panel 600 Standard Line (762-4xxx)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "FW1",
"version_value": "FW10"
}
]
}
},
{
"product_name": "Series Wago Touch Panel 600 Advanced Line (762-5xxx)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "FW1",
"version_value": "FW10"
}
]
}
},
{
"product_name": "Series Wago Touch Panel 600 Marine Line (762-6xxx)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "FW1",
"version_value": "FW10"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "This vulnerability was originally found by Florian Seidel of WAGO and was rediscovered by Uri Katz of Claroty. We thank CERT@VDE for the management of this coordinated disclosure."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions \u003c=FW10."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-045",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
}
]
},
"solution": [
{
"lang": "en",
"value": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless to the action described above, the vulnerability has been fixed in FW11, released in December 2017."
}
],
"source": {
"advisory": "VDE-2020-045",
"defect": [
"VDE-2020-045"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable I/O-Check service\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12522",
"datePublished": "2020-12-17T22:40:48.065139Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T18:14:32.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3379 (GCVE-0-2023-3379)
Vulnerability from cvelistv5 – Published: 2023-11-20 07:23 – Updated: 2024-10-02 05:34
VLAI?
Title
WAGO: Improper Privilege Management in web-based management
Summary
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
Severity ?
5.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller 100 (751-9301) |
Affected:
0 , ≤ FW25
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Panagiotis Bellonias from Secura
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-015/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller 100 (751-9301)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 (750-810x/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22 Patch 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 (750-820x/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 (750-821x/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22 Patch 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line (762-5xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line (762-6xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line (762-4xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller (752-8303/8000-002)",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Panagiotis Bellonias from Secura"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges."
}
],
"value": "Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:34:25.860Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-015/"
}
],
"source": {
"advisory": "VDE-2023-015",
"defect": [
"CERT@VDE#64549"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Improper Privilege Management in web-based management",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-3379",
"datePublished": "2023-11-20T07:23:41.887Z",
"dateReserved": "2023-06-23T09:01:09.552Z",
"dateUpdated": "2024-10-02T05:34:25.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4089 (GCVE-0-2023-4089)
Vulnerability from cvelistv5 – Published: 2023-10-17 06:00 – Updated: 2025-02-27 20:40
VLAI?
Title
WAGO: Multiple products vulnerable to local file inclusion
Summary
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
Severity ?
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 |
Affected:
FW19 , ≤ FW26
(semver)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Floris Hendriks and Jeroen Wijenbergh from Radboud University
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:11.155380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:40:32.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW19",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW18",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Floris Hendriks and Jeroen Wijenbergh from Radboud University"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
}
],
"value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T06:00:28.908Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
}
],
"source": {
"advisory": "VDE-2023-046",
"defect": [
"CERT@VDE#64532"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Multiple products vulnerable to local file inclusion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-4089",
"datePublished": "2023-10-17T06:00:28.908Z",
"dateReserved": "2023-08-02T07:20:35.600Z",
"dateUpdated": "2025-02-27T20:40:32.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1698 (GCVE-0-2023-1698)
Vulnerability from cvelistv5 – Published: 2023-05-15 08:51 – Updated: 2025-01-23 19:13
VLAI?
Title
WAGO: WBM Command Injection in multiple products
Summary
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 |
Affected:
FW20 , ≤ FW22
(semver)
Affected: FW23 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Quentin Kaiser from ONEKEY
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T19:12:48.907770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T19:13:09.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW20",
"versionType": "semver"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW20",
"versionType": "semver"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW20",
"versionType": "semver"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Quentin Kaiser from ONEKEY"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
}
],
"value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T08:51:27.453Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
}
],
"source": {
"advisory": "VDE-2023-007",
"defect": [
"CERT@VDE#64422"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: WBM Command Injection in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1698",
"datePublished": "2023-05-15T08:51:27.453Z",
"dateReserved": "2023-03-29T13:00:05.618Z",
"dateUpdated": "2025-01-23T19:13:09.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45140 (GCVE-0-2022-45140)
Vulnerability from cvelistv5 – Published: 2023-02-27 14:36 – Updated: 2025-03-10 17:46
VLAI?
Title
WAGO: Missing Authentication for Critical Function
Summary
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 (751-9301) |
Affected:
FW16 , < FW22
(custom)
Unaffected: FW22 Patch 1 Affected: FW23 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:55.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T17:46:43.476712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T17:46:52.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100 (751-9301)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller (752-8303/8000-002)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 (750-81xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 (750-82xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line (762-5xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line (762-6xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line (762-4xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise."
}
],
"value": "The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-27T14:36:39.448Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"source": {
"defect": [
"CERT@VDE#64160"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Missing Authentication for Critical Function ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-45140",
"datePublished": "2023-02-27T14:36:39.448Z",
"dateReserved": "2022-11-10T09:46:59.080Z",
"dateUpdated": "2025-03-10T17:46:52.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45139 (GCVE-0-2022-45139)
Vulnerability from cvelistv5 – Published: 2023-02-27 14:36 – Updated: 2025-03-10 17:46
VLAI?
Title
WAGO: Origin validation error through CORS misconfiguration
Summary
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.
Severity ?
5.3 (Medium)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 (751-9301) |
Affected:
FW16 , < FW22
(custom)
Unaffected: FW22 Patch 1 Affected: FW23 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:55.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T17:45:54.261351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T17:46:16.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100 (751-9301)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller (752-8303/8000-002)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW18",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 (750-81xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 (750-82xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line (762-5xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line (762-6xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line (762-4xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality."
}
],
"value": "A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-27T14:36:32.016Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"source": {
"defect": [
"CERT@VDE#64160"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Origin validation error through CORS misconfiguration",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-45139",
"datePublished": "2023-02-27T14:36:32.016Z",
"dateReserved": "2022-11-10T09:46:59.080Z",
"dateUpdated": "2025-03-10T17:46:16.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45138 (GCVE-0-2022-45138)
Vulnerability from cvelistv5 – Published: 2023-02-27 14:36 – Updated: 2025-03-10 17:20
VLAI?
Title
WAGO: Missing Authentication for Critical Function
Summary
The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 (751-9301) |
Affected:
FW16 , < FW22
(custom)
Unaffected: FW22 Patch 1 Affected: FW23 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:55.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T17:20:33.215201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T17:20:50.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100 (751-9301)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller (752-8303/8000-002)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW18",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 (750-81xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 (750-82xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line (762-5xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line (762-6xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line (762-4xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device."
}
],
"value": "The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-27T14:36:20.474Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"source": {
"defect": [
"CERT@VDE#64160"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-45138",
"datePublished": "2023-02-27T14:36:20.474Z",
"dateReserved": "2022-11-10T09:46:59.079Z",
"dateUpdated": "2025-03-10T17:20:50.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45137 (GCVE-0-2022-45137)
Vulnerability from cvelistv5 – Published: 2023-02-27 14:36 – Updated: 2024-08-03 14:09
VLAI?
Title
WAGO: Reflective Cross-Site Scripting
Summary
The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 (751-9301) |
Affected:
FW16 , < FW22
(custom)
Unaffected: FW22 Patch 1 Affected: FW23 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100 (751-9301)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller (752-8303/8000-002)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW18",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 (750-81xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 (750-82xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line (762-5xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line (762-6xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line (762-4xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FW22 Patch 1"
},
{
"status": "affected",
"version": "FW23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability."
}
],
"value": "The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-27T14:36:03.411Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
}
],
"source": {
"defect": [
"CERT@VDE#64160"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Reflective Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-45137",
"datePublished": "2023-02-27T14:36:03.411Z",
"dateReserved": "2022-11-10T09:46:59.079Z",
"dateUpdated": "2024-08-03T14:09:56.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3738 (GCVE-0-2022-3738)
Vulnerability from cvelistv5 – Published: 2023-01-19 11:27 – Updated: 2025-04-02 14:55
VLAI?
Title
WAGO: Missing authentication for config export functionality in multiple products
Summary
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.
Severity ?
5.9 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Series WAGO PFC100 |
Affected:
FW16 , ≤ FW22
(semver)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-054/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T14:55:30.723734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T14:55:51.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Series WAGO PFC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Series WAGO PFC200",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Series WAGO Touch Panel 600 Advanced Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Series WAGO Touch Panel 600 Marine Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Series WAGO Touch Panel 600 Standard Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WAGO Compact Controller CC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WAGO Edge Controller",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-01-12T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T09:43:18.629Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-054/"
}
],
"source": {
"advisory": "VDE-2022-054",
"defect": [
"CERT@VDE#64273"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Missing authentication for config export functionality in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-3738",
"datePublished": "2023-01-19T11:27:51.814Z",
"dateReserved": "2022-10-28T07:18:40.653Z",
"dateUpdated": "2025-04-02T14:55:51.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12522 (GCVE-0-2020-12522)
Vulnerability from cvelistv5 – Published: 2020-12-17 22:40 – Updated: 2024-09-16 18:14
VLAI?
Title
Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10
Summary
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
Severity ?
10 (Critical)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Series PFC 100 (750-81xx/xxx-xxx) |
Affected:
FW1 , ≤ FW10
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
This vulnerability was originally found by Florian Seidel of WAGO and was rediscovered by Uri Katz of Claroty. We thank CERT@VDE for the management of this coordinated disclosure.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Series PFC 100 (750-81xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"product": "Series PFC 200 (750-82xx/xxx-xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"product": "Series Wago Touch Panel 600 Standard Line (762-4xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"product": "Series Wago Touch Panel 600 Advanced Line (762-5xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"product": "Series Wago Touch Panel 600 Marine Line (762-6xxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was originally found by Florian Seidel of WAGO and was rediscovered by Uri Katz of Claroty. We thank CERT@VDE for the management of this coordinated disclosure."
}
],
"datePublic": "2020-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions \u003c=FW10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T22:40:48",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
}
],
"solutions": [
{
"lang": "en",
"value": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless to the action described above, the vulnerability has been fixed in FW11, released in December 2017."
}
],
"source": {
"advisory": "VDE-2020-045",
"defect": [
"VDE-2020-045"
],
"discovery": "INTERNAL"
},
"title": "Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions \u003c=FW10",
"workarounds": [
{
"lang": "en",
"value": "Disable I/O-Check service\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-12-17T09:00:00.000Z",
"ID": "CVE-2020-12522",
"STATE": "PUBLIC",
"TITLE": "Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions \u003c=FW10"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Series PFC 100 (750-81xx/xxx-xxx)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "FW1",
"version_value": "FW10"
}
]
}
},
{
"product_name": "Series PFC 200 (750-82xx/xxx-xxx)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "FW1",
"version_value": "FW10"
}
]
}
},
{
"product_name": "Series Wago Touch Panel 600 Standard Line (762-4xxx)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "FW1",
"version_value": "FW10"
}
]
}
},
{
"product_name": "Series Wago Touch Panel 600 Advanced Line (762-5xxx)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "FW1",
"version_value": "FW10"
}
]
}
},
{
"product_name": "Series Wago Touch Panel 600 Marine Line (762-6xxx)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "FW1",
"version_value": "FW10"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "This vulnerability was originally found by Florian Seidel of WAGO and was rediscovered by Uri Katz of Claroty. We thank CERT@VDE for the management of this coordinated disclosure."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions \u003c=FW10."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-045",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
}
]
},
"solution": [
{
"lang": "en",
"value": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless to the action described above, the vulnerability has been fixed in FW11, released in December 2017."
}
],
"source": {
"advisory": "VDE-2020-045",
"defect": [
"VDE-2020-045"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable I/O-Check service\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12522",
"datePublished": "2020-12-17T22:40:48.065139Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T18:14:32.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}