VDE-2022-054 | CERT@VDE

2023-01-12 08:52 (CET) VDE-2022-054

WAGO: Unauthenticated Configuration Export in web-based management in multiple devices

Share: Email | Twitter

ID

VDE-2022-054

Published

2023-01-12 08:52 (CET)

Last update

2023-01-12 08:54 (CET)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
750-81xx/xxx-xxx	Series WAGO PFC100	FW16 <= FW22
750-82xx/xxx-xxx	Series WAGO PFC200	FW16 <= FW22
762-5xxx	Series WAGO Touch Panel 600 Advanced Line	FW16 <= FW22
762-6xxx	Series WAGO Touch Panel 600 Marine Line	FW16 <= FW22
762-4xxx	Series WAGO Touch Panel 600 Standard Line	FW16 <= FW22
751-9301	WAGO Compact Controller CC100	FW16 <= FW22
752-8303/8000-002	WAGO Edge Controller	FW16 <= FW22

Summary

A vulnerability in the web-based management (WBM) of WAGOs programmable logic controller (PLC) could allow an unauthenticated remote attacker to retrieve sensitive information.

CVE ID

CVE-2022-3738

Last Update:

Jan. 19, 2023, 12:28 p.m.

Severity

5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

Weakness

Missing Authentication for Critical Function (CWE-306)

Summary

A vulnerability in multiple WAGO products allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup with selected content after the last reboot for this attack to be successfull.

Details

nvd.nist.gov

Impact

The vulnerability allows a remote, unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

Solution

Install FW22 Patch 1 or higher

Reported by

Quentin Kaiser from ONEKEY Research Lab reported this vulnerability to WAGO.
CERT@VDE coordinated with WAGO.