Share: Email | Twitter

ID

VDE-2019-017

Published

2019-09-18 13:25 (CEST)

Last update

2019-09-18 13:25 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
750-81xx/xxx-xxx (PFC100) < FW12
750-82xx/xxx-xxx (PFC200) < FW12

Summary

The reported vulnerability allows a remote attacker to check paths and file names that are used in filesystem operations.

Update, 18.9.2019, 18:30

  • fixed typo in modelname, replaced PCF with PFC

Last Update:

Feb. 18, 2020, 12:25 p.m.

Weakness

Externally Controlled Reference to a Resource in Another Sphere  (CWE-610) 

Summary

Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.

Impact

The vulnerability allows an attacker to check the existence of files via specially crafted HTTP requests. This can be potentially used to identify installed software and leak of sensitive data (e.g. session data stored in the file system).

Solution

Update your device to the latest firmware (>= FW 12).

Mitigation

  • Restrict network access to the web server.
  • Restrict network access to the device.
  • Do not directly connect the device to the internet.

Reported by

This vulnerability was reported by Nico Jansen (Fachhochschule Aachen) to WAGO coordinated by CERT@VDE.