Share: Email | Twitter

ID

VDE-2022-004

Published

2022-03-09 08:00 (CET)

Last update

2022-03-09 08:19 (CET)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
751-9301 Compact Controller CC100 FW16 < FW22
752-8303/8000-002 Edge Controller FW16 < FW22
750-81xx/xxx-xxx Series PFC100 FW16 < FW22
750-82xx/xxx-xxx Series PFC200 FW16 < FW22
762-5xxx Series Touch Panel 600 Advanced Line FW16 < FW22
762-6xxx Series Touch Panel 600 Marine Line FW16 < FW22
762-4xxx Series Touch Panel 600 Standard Line FW16 < FW22

Summary

The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks.


Weakness

Improper Neutralization of Input During Web Page Generation  (CWE-79) 

Summary

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.


Impact

An attacker needs an authorized login on the device in order to exploit the various configuration pages with malicious scripts. This can be used to install malicious code and to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

Solution

Mitigation

  • Restrict network access to the device
  • Use strong passwords
  • Do not directly connect the device to the internet
  • Disable unused TCP/UDP-ports

Solution

Please install upcoming FW-Update, which will be available at end of Q2/2022.

Reported by

These vulnerabilities were reported to WAGO by: Mohamed Magdy Abumuslim
Coordination done by CERT@VDE.