Share: Email | Twitter

ID

VDE-2022-055

Published

2023-02-16 14:43 (CET)

Last update

2023-02-16 14:44 (CET)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No┬░ Product Name Affected Version(s)
852-111/000-001 Unmanaged Switch = 01

Summary

An unknown and undocumented configuration interface with limited functionality was identified on the affected devices. 


Last Update:

Feb. 16, 2023, 2:42 p.m.

Weakness

Hidden Functionality  (CWE-912) 

Summary

In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.


Impact

An unprivileged attacker can configure network setting to violate confidentiality of transferred packages if the network packages themselves are not protected by cryptographic measures. Additionally, the attacker can violate the availability of network clients by changing network settings (e.g., deactivate network ports).

Solution

Mitigation

  • Restrict network access to the device.
  • Do not directly connect the device to the internet

Remediation

A firmware update which fixes the problem is available. Users who want to do a firmware update should contact the WAGO support.

Reported by

Coordination done by CERT@VDE.