CVE-2022-3738: VDE-2022-054 | CERT@VDE

2023-01-12 08:52 (CET) VDE-2022-054

WAGO: Unauthenticated Configuration Export in web-based management in multiple devices
Share: Email | Twitter

Published

2023-01-12 08:52 (CET)

Last update

2023-01-12 08:54 (CET)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No°

Product Name

Affected Version(s)

750-81xx/xxx-xxx

Series WAGO PFC100

FW16 <= FW22

750-82xx/xxx-xxx

Series WAGO PFC200

FW16 <= FW22

762-5xxx

Series WAGO Touch Panel 600 Advanced Line

FW16 <= FW22

762-6xxx

Series WAGO Touch Panel 600 Marine Line

FW16 <= FW22

762-4xxx

Series WAGO Touch Panel 600 Standard Line

FW16 <= FW22

751-9301

WAGO Compact Controller CC100

FW16 <= FW22

752-8303/8000-002

WAGO Edge Controller

FW16 <= FW22

Summary

A vulnerability in the web-based management (WBM) of WAGOs programmable logic controller (PLC) could allow an unauthenticated remote attacker to retrieve sensitive information.

CVE ID

Last Update:

Jan. 19, 2023, 12:28 p.m.

Severity

Weakness

Missing Authentication for Critical Function (CWE-306)

Summary

A vulnerability in multiple WAGO products allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup with selected content after the last reboot for this attack to be successfull.

Details

Impact

The vulnerability allows a remote, unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

Solution

Install FW22 Patch 1 or higher

Reported by

Quentin Kaiser from ONEKEY Research Lab reported this vulnerability to WAGO.
CERT@VDE coordinated with WAGO.