VDE-2022-009

Vulnerability from csaf_wagogmbhcokg - Published: 2022-04-06 07:30 - Updated: 2025-05-22 13:03
Summary
WAGO: Multiple Products affected by Linux Kernel Vulnerability Dirty Pipe
Notes
Summary: The Linux kernel starting from 5.8 has a flaw which can lead to privilege escalation for a local user. The kernel is used in several firmware versions of several WAGO products. All vulnerable PLCs are listed in chapter 'Affected Products'.
Impact: An unprivileged user can use the 'pipe' functionality in the Linux kernel to write to read-only files. This can lead to privilege escalation, because in this way unprivileged processes can inject code into root processes. For a detailed description of the vulnerability see https://dirtypipe.cm4all.com/
Mitigation:

- Restrict network access to the device.
- Use strong passwords.
- Do not directly connect the device to the internet.
- Disable unused TCP/UDP-ports.
Remediation: We recommend all affected users to update to the firmware version listed below.

## Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100

| Product | Fixed in Firmware Version |
|----------------------|----------------------------|
| 750-81xx/xxx-xxx | 03.09.04(21) |
| 750-8217/xxx-xxx | 03.09.05(21) |
| 750-82xx/xxx-xxx | 03.09.04(21) |
| 751-9301 | 03.09.04(21) |

## Series WAGO Touch Panel 600 and WAGO Edge Controller

| Product | Fixed in Firmware Version |
|----------------------|----------------------------|
| 762-4xxx | 03.07.19(19) |
| 762-5xxx | 03.07.19(19) |
| 762-6xxx | 03.07.19(19) |
| 752-8303/8000-002 | 03.07.19(19) |

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

CWE-665 - Improper Initialization
Acknowledgments
CERT@VDE certvde.com

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The Linux kernel starting from 5.8 has a flaw which can lead to privilege escalation for a local user. The kernel is used in several Versions of the FW of several WAGO products. All vulnerable PLCs are listed in chapter \u0027Affected Products\u0027.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An unprivileged user can use the \u0027pipe\u0027 functionality in the Linux kernel to write to read only files. This can lead to privilege escalation, because in this way unprivileged processes can inject code into root processes.\nFor a detailed description of the vulnerability see https://dirtypipe.cm4all.com/",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "- Restrict network access to the device.\n- Use strong passwords\n- Do not directly connect the device to the internet\n- Disable unused TCP/UDP-ports",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "We recommend all affected users to update to the firmware version listed below.\n\n## Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100\n\n| Product              | Fixed in Firmware Version |\n|----------------------|----------------------------|\n| 750-81xx/xxx-xxx     |  03.09.04(21)             |\n| 750-8217/xxx-xxx     |  03.09.05(21)             |\n| 750-82xx/xxx-xxx     |  03.09.04(21)             |\n| 751-9301             |  03.09.04(21)             |\n\n## Series WAGO Touch Panel 600 and WAGO Edge Controller\n\n| Product              | Fixed in Firmware Version |\n|----------------------|----------------------------|\n| 762-4xxx             |  03.07.19(19)             |\n| 762-5xxx             |  03.07.19(19)             |\n| 762-6xxx             | 03.07.19(19)             |\n| 752-8303/8000-002    | 03.07.19(19)             |",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2022-009: WAGO: Multiple Products affected by Linux Kernel Vulnerability Dirty Pipe - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2022-009/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-009: WAGO: Multiple Products affected by Linux Kernel Vulnerability Dirty Pipe - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-009.json"
      },
      {
        "category": "external",
        "summary": "Vendor PSIRT",
        "url": "https://www.wago.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      }
    ],
    "title": "WAGO: Multiple Products affected by Linux Kernel Vulnerability Dirty Pipe",
    "tracking": {
      "aliases": [
        "VDE-2022-009"
      ],
      "current_release_date": "2025-05-22T13:03:10.000Z",
      "generator": {
        "date": "2025-04-28T09:51:56.908Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "VDE-2022-009",
      "initial_release_date": "2022-04-06T07:30:00.000Z",
      "revision_history": [
        {
          "date": "2022-04-06T07:30:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-22T13:03:10.000Z",
          "number": "2",
          "summary": "Fix: quotation mark"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "750-81xx/xxx-xxx",
                "product": {
                  "name": "750-81xx/xxx-xxx",
                  "product_id": "CSAFPID-11001"
                }
              },
              {
                "category": "product_name",
                "name": "750-8217/xxx-xxx",
                "product": {
                  "name": "750-8217/xxx-xxx",
                  "product_id": "CSAFPID-11002"
                }
              },
              {
                "category": "product_name",
                "name": "750-82xx/xxx-xxx",
                "product": {
                  "name": "750-82xx/xxx-xxx",
                  "product_id": "CSAFPID-11003"
                }
              },
              {
                "category": "product_name",
                "name": "751-9301",
                "product": {
                  "name": "751-9301",
                  "product_id": "CSAFPID-11004"
                }
              },
              {
                "category": "product_name",
                "name": "752-8303/8000-002",
                "product": {
                  "name": "752-8303/8000-002",
                  "product_id": "CSAFPID-11005"
                }
              },
              {
                "category": "product_name",
                "name": "762-4xxx",
                "product": {
                  "name": "762-4xxx",
                  "product_id": "CSAFPID-11006"
                }
              },
              {
                "category": "product_name",
                "name": "762-5xxx",
                "product": {
                  "name": "762-5xxx",
                  "product_id": "CSAFPID-11007"
                }
              },
              {
                "category": "product_name",
                "name": "762-6xxx",
                "product": {
                  "name": "762-6xxx",
                  "product_id": "CSAFPID-11008"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "03.08.07(20)\u003c=03.08.08(20)",
                "product": {
                  "name": "Firmware 03.08.07(20)\u003c=03.08.08(20)",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "03.07.14(19)\u003c=03.07.18(19)",
                "product": {
                  "name": "Firmware 03.07.14(19)\u003c=03.07.18(19)",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version_range",
                "name": "03.07.14(19)\u003c=03.08.08(20)",
                "product": {
                  "name": "Firmware 03.07.14(19)\u003c=03.08.08(20)",
                  "product_id": "CSAFPID-21003"
                }
              },
              {
                "category": "product_version",
                "name": "03.09.04(21)",
                "product": {
                  "name": "Firmware 03.09.04(21)",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version",
                "name": "03.09.05(21)",
                "product": {
                  "name": "Firmware 03.09.05(21)",
                  "product_id": "CSAFPID-22002"
                }
              },
              {
                "category": "product_version",
                "name": "03.07.19(19)",
                "product": {
                  "name": "Firmware 03.07.19(19)",
                  "product_id": "CSAFPID-22003"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.07.14(19)\u003c=03.07.18(19) installed on 750-81xx/xxx-xxx",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.08.07(20)\u003c=03.08.08(20) installed on 750-81xx/xxx-xxx",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.07.14(19)\u003c=03.07.18(19) installed on 750-8217/xxx-xxx",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.08.07(20)\u003c=03.08.08(20) installed on 750-8217/xxx-xxx",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.07.14(19)\u003c=03.07.18(19) installed on 750-82xx/xxx-xxx",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.08.07(20)\u003c=03.08.08(20) installed on 750-82xx/xxx-xxx",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.08.07(20)\u003c=03.08.08(20) installed on 751-9301",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.07.14(19)\u003c=03.07.18(19) installed on 752-8303/8000-002",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.07.14(19)\u003c=03.07.18(19) installed on 762-4xxx",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.07.14(19)\u003c=03.07.18(19) installed on 762-5xxx",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.07.14(19)\u003c=03.07.18(19) installed on 762-6xxx",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.09.04(21) installed on 750-81xx/xxx-xxx",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.09.04(21) installed on 750-8217/xxx-xxx",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.09.04(21) installed on 750-82xx/xxx-xxx",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.09.04(21) installed on 751-9301",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.07.19(19) installed on 752-8303/8000-002",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.07.19(19) installed on 762-4xxx",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.07.19(19) installed on 762-5xxx",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 03.07.19(19) installed on 762-6xxx",
          "product_id": "CSAFPID-32008"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11008"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-0847",
      "cwe": {
        "id": "CWE-665",
        "name": "Improper Initialization"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Restrict network access to the device.\n- Use strong passwords\n- Do not directly connect the device to the internet\n- Disable unused TCP/UDP-ports",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "We recommend all affected users to update to the firmware version listed below.\n\n## Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100\n\n| Product              | Fixed in Firmware Version |\n|----------------------|----------------------------|\n| 750-81xx/xxx-xxx     |  03.09.04(21)             |\n| 750-8217/xxx-xxx     |  03.09.05(21)             |\n| 750-82xx/xxx-xxx     |  03.09.04(21)             |\n| 751-9301             |  03.09.04(21)             |\n\n## Series WAGO Touch Panel 600 and WAGO Edge Controller\n\n| Product              | Fixed in Firmware Version |\n|----------------------|----------------------------|\n| 762-4xxx             |  03.07.19(19)             |\n| 762-5xxx             |  03.07.19(19)             |\n| 762-6xxx             | 03.07.19(19)             |\n| 752-8303/8000-002    | 03.07.19(19)             |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011"
          ]
        }
      ],
      "title": "CVE-2022-0847"
    }
  ]
}

