VDE-2022-004

Vulnerability from csaf_wagogmbhcokg - Published: 2022-03-09 07:00 - Updated: 2022-03-09 07:00
Summary
WAGO: Web-Based Management Cross-Site Scripting
Notes
Summary: The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks.
Impact: An attacker needs an authorized login on the device in order to exploit the various configuration pages with malicious scripts. This can be used to install malicious code and to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
Mitigation: Restrict network access to the device Use strong passwords Do not directly connect the device to the internet Disable unused TCP/UDP-ports Please install upcoming FW-Update, which will be available at end of Q2/2022.
CVE-2022-22511

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Mitigation Restrict network access to the device Use strong passwords Do not directly connect the device to the internet Disable unused TCP/UDP-ports Please install upcoming FW-Update, which will be available at end of Q2/2022.
References
Acknowledgments
CERT@VDE certvde.com
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An attacker needs an authorized login on the device in order to exploit the various configuration pages with malicious scripts. This can be used to install malicious code and to gain access to confidential information on a PC that connects to the WBM after it has been compromised.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Restrict network access to the device\nUse strong passwords\nDo not directly connect the device to the internet\nDisable unused TCP/UDP-ports\n\nPlease install upcoming FW-Update, which will be available at end of Q2/2022.",
        "title": "Mitigation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2022-004: WAGO: Web-Based Management Cross-Site Scripting - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2022-004/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-004: WAGO: Web-Based Management Cross-Site Scripting - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-004.json"
      },
      {
        "category": "external",
        "summary": "WAGO PSIRT",
        "url": "https://www.wago.com/de-en/automation-technology/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      }
    ],
    "title": "WAGO: Web-Based Management Cross-Site Scripting",
    "tracking": {
      "aliases": [
        "VDE-2022-004"
      ],
      "current_release_date": "2022-03-09T07:00:00.000Z",
      "generator": {
        "date": "2025-05-05T09:39:23.950Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "VDE-2022-004",
      "initial_release_date": "2022-03-09T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2022-03-09T07:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Compact Controller 100",
                "product": {
                  "name": "Compact Controller 100",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "751-9301"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Edge Controller",
                "product": {
                  "name": "Edge Controller",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "752-8303/8000-002"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Series PFC100",
                "product": {
                  "name": "Series PFC100",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-81xx/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Series PFC200",
                "product": {
                  "name": "Series PFC200",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-82xx/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Series Touch Panel 600 Advanced Line",
                "product": {
                  "name": "Series Touch Panel 600 Advanced Line",
                  "product_id": "CSAFPID-11005",
                  "product_identification_helper": {
                    "model_numbers": [
                      "762-5xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Series Touch Panel 600 Marine Line",
                "product": {
                  "name": "Series Touch Panel 600 Marine Line",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "762-6xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Series Touch Panel 600 Standard Line",
                "product": {
                  "name": "Series Touch Panel 600 Standard Line",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "762-4xxx"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "FW16\u003cFW22",
                "product": {
                  "name": "Firmware FW16 \u003c FW22",
                  "product_id": "CSAFPID-21001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ],
        "summary": "Affected products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW16 \u003c FW22 installed on Compact Controller 100",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW16 \u003c FW22 installed on Edge Controller",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW16 \u003c FW22 installed on Series PFC100",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW16 \u003c FW22 installed on Series PFC200",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW16 \u003c FW22 installed on Series Touch Panel 600 Advanced Line",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW16 \u003c FW22 installed on Series Touch Panel 600 Marine Line",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW16 \u003c FW22 installed on Series Touch Panel 600 Standard Line",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-22511",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Restrict network access to the device\nUse strong passwords\nDo not directly connect the device to the internet\nDisable unused TCP/UDP-ports\n\nPlease install upcoming FW-Update, which will be available at end of Q2/2022.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 5.4,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 5.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007"
          ]
        }
      ],
      "title": "CVE-2022-22511"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.