VDE-2022-009 | CERT@VDE

2022-04-06 09:30 (CEST) VDE-2022-009

WAGO: Multiple Products affected by Linux Kernel Vulnerability Dirty Pipe

Share: Email | Twitter

ID

VDE-2022-009

Published

2022-04-06 09:30 (CEST)

Last update

2022-04-06 09:30 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
	750-81xx/xxx-xxx	03.07.14(19) <= 03.07.18(19)
	750-81xx/xxx-xxx	03.08.07(20) <= 03.08.08(20)
	750-8217/xxx-xxx	03.07.14(19) <= 03.07.18(19)
	750-8217/xxx-xxx	03.08.07(20) <= 03.08.08(20)
	750-82xx/xxx-xxx	03.07.14(19) <= 03.07.18(19)
	750-82xx/xxx-xxx	03.08.07(20) <= 03.08.08(20)
	751-9301	03.07.14(19) <= 03.08.08(20)
	752-8303/8000-002	03.07.14(19) <= 03.07.18(19)
	762-4xxx	03.07.14(19) <= 03.07.18(19)
	762-5xxx	03.07.14(19) <= 03.07.18(19)
	762-6xxx	03.07.14(19) <= 03.07.18(19)

Summary

The Linux kernel starting from 5.8 has a flaw which can lead to privilege escalation for a local user. The kernel is used in several Versions of the FW of several WAGO products. All vulnerable PLCs are listed in chapter ‘Affected Products’.

CVE ID

CVE-2022-0847

Last Update:

28. März 2022 13:19

Severity

7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Weakness

Improper Preservation of Permissions (CWE-281)

Summary

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Details

nvd.nist.gov

Impact

An unprivileged user can use the “pipe” functionality in the Linux kernel to write to read only files. This can lead to privilege escalation, because in this way unprivileged processes can inject code into root processes.

For a detailed description of the vulnerability see https://dirtypipe.cm4all.com/

Solution

Mitigation

Restrict network access to the device.
Use strong passwords
Do not directly connect the device to the internet
Disable unused TCP/UDP-ports

Remediation

We recommend all effected users to update to the firmware version listed below.

Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100

Product	Fixed in Firmware Version
750-81xx/xxx-xxx	>= 03.09.04(21)
750-8217/xxx-xxx	>= 03.09.05(21)
750-82xx/xxx-xxx	>= 03.09.04(21)
751-9301	>= 03.09.04(21)

Series WAGO Touch Panel 600 and WAGO Edge Controller

Product	Fixed in Firmware Version
762-4xxx	>= 03.07.19(19)
762-5xxx	>= 03.07.19(19)
762-6xxx	>= 03.07.19(19)
752-8303/8000-002	>= 03.07.19(19)

Reported by

Coordination done by CERT@VDE.