CVE-2022-3281: VDE-2022-042 | CERT@VDE
WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC address filtering after reboot. This may allow a remote attacker to reach the network that should be protected by the MAC address filter.
2022-10-17 10:00 (CEST) VDE-2022-042
WAGO: Multiple products - Loss of MAC-Address-Filtering after reboot
Published: 2022-10-17 10:00 (CEST)
Last update: 2022-10-14 14:43 (CEST)
Vendor(s): WAGO GmbH & Co. KG
Product(s)

| Article No. | Product Name | Affected Version(s) |
| --- | --- | --- |
| 750-81xx/xxx-xxx | Series WAGO PFC100/PFC200 | 03.01.07(13) <= 03.10.08(22) |
| 750-8217/xxx-xxx | Series WAGO PFC100/PFC200 | 03.04.10(16) <= 03.10.08(22) |
| 750-82xx/xxx-xxx | Series WAGO PFC100/PFC200 | 03.01.07(13) <= 03.10.08(22) |
| 762-4xxx | Series WAGO Touch Panel 600 | 03.01.07(13) <= 03.10.09(22) |
| 762-5xxx | Series WAGO Touch Panel 600 | 03.01.07(13) <= 03.10.09(22) |
| 762-6xxx | Series WAGO Touch Panel 600 | 03.01.07(13) <= 03.10.09(22) |
| 751-9301 | WAGO Compact Controller CC100 | 03.07.17(19) <= 03.09.08(21) |
| 752-8303/8000-002 | WAGO Edge Controller | 03.06.09(18) <= 03.10.09(22) |
Summary
The MAC address filter, which is part of the firewall, has a flaw that prevents it from being active after a restart. As a result, a remote attacker is able to circumvent the MAC address filtering after a reboot of a device.
CVE ID
Severity
Weakness
Expected Behavior Violation (CWE-440)
Source
Impact
By exploiting this flaw, a remote attacker is able to reach the network which should be protected by the MAC address filter.
Solution
Mitigation
Reactivate the MAC address filter after each restart to make sure it is working. To test whether the MAC address filter is working, add a test client to the MAC address filter list, enable it, and check whether you can access the web-based management via the test client.
Solution
We recommend that all affected users update to the firmware versions listed below:
Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100

| Article Number | Fixed Firmware |
| --- | --- |
| 750-81xx/xxx-xxx | >= 03.10.10(22) |
| 750-8217/xxx-xxx | >= 03.10.10(22) |
| 750-82xx/xxx-xxx | >= 03.10.10(22) |
| 751-9301 | >= 04.01.10(23) |

Series WAGO Touch Panel 600 and WAGO Edge Controller

| Article Number | Fixed Firmware |
| --- | --- |
| 762-4xxx | >= 03.10.10(22) |
| 762-5xxx | >= 03.10.10(22) |
| 762-6xxx | >= 03.10.10(22) |
| 752-8303/8000-002 | >= 03.10.10(22) |
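
As an added example (not part of the advisory and not WAGO tooling), the following Python triage code checks a device inventory against the affected and fixed firmware ranges listed above. It assumes that only the article number before the "/" selects the advisory row and that the number in parentheses is not needed to compare versions; the inventory entries and status names are constructed.

```python
import re

# Rows from the advisory: (pattern, first affected, last affected, first fixed).
# "x" is a one-character wildcard; 750-8217 precedes 750-82xx so it wins.
ADVISORY = [
    ("750-81xx", "03.01.07(13)", "03.10.08(22)", "03.10.10(22)"),
    ("750-8217", "03.04.10(16)", "03.10.08(22)", "03.10.10(22)"),
    ("750-82xx", "03.01.07(13)", "03.10.08(22)", "03.10.10(22)"),
    ("762-4xxx", "03.01.07(13)", "03.10.09(22)", "03.10.10(22)"),
    ("762-5xxx", "03.01.07(13)", "03.10.09(22)", "03.10.10(22)"),
    ("762-6xxx", "03.01.07(13)", "03.10.09(22)", "03.10.10(22)"),
    ("751-9301", "03.07.17(19)", "03.09.08(21)", "04.01.10(23)"),
    ("752-8303", "03.06.09(18)", "03.10.09(22)", "03.10.10(22)"),
]

def parse_version(text):
    """'03.10.08(22)' -> (3, 10, 8); assumption: '(22)' is not compared."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\(\d+\))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g) for g in m.groups())

def article_matches(pattern, article):
    # Assumption: the part before "/" selects the advisory row.
    base = article.split("/")[0].strip()
    return len(base) == len(pattern) and all(
        p in ("x", c) for p, c in zip(pattern, base))

def classify(article, firmware):
    """Return 'affected', 'fixed', 'unlisted-version' or 'unlisted-product'."""
    version = parse_version(firmware)
    for pattern, first, last, fixed in ADVISORY:
        if article_matches(pattern, article):
            if parse_version(first) <= version <= parse_version(last):
                return "affected"  # reactivate the filter after reboot, update
            if version >= parse_version(fixed):
                return "fixed"
            return "unlisted-version"  # in neither range: test the filter by hand
    return "unlisted-product"

INVENTORY = [  # constructed sample: (host, article number, installed firmware)
    ("plc-01", "750-8212/025-000", "03.05.10(17)"),
    ("plc-02", "750-8217", "03.02.02(14)"),
    ("hmi-01", "762-4101", "03.10.10(22)"),
    ("cc-01", "751-9301", "03.10.08(22)"),
]

def triage(inventory=INVENTORY):
    return {host: classify(art, fw) for host, art, fw in inventory}
```

A result of `unlisted-version` means the advisory names that firmware in neither the affected nor the fixed range, so the filter should be checked on the device as described under Mitigation.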
Reported by
CERT@VDE coordinated with WAGO