Summary
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks.
Impact
An attacker needs an authorized login on the device in order to exploit the various configuration pages with malicious scripts. This can be used to install malicious code and to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 751-9301 | Compact Controller 100 | Firmware FW16 < FW22 |
| 752-8303/8000-002 | Edge Controller | Firmware FW16 < FW22 |
| 750-81xx/xxx-xxx | Series PFC100 | Firmware FW16 < FW22 |
| 750-82xx/xxx-xxx | Series PFC200 | Firmware FW16 < FW22 |
| 762-5xxx | Series Touch Panel 600 Advanced Line | Firmware FW16 < FW22 |
| 762-6xxx | Series Touch Panel 600 Marine Line | Firmware FW16 < FW22 |
| 762-4xxx | Series Touch Panel 600 Standard Line | Firmware FW16 < FW22 |
Vulnerabilities
Expand / Collapse allVarious configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
Mitigation
Restrict network access to the device
Use strong passwords
Do not directly connect the device to the internet
Disable unused TCP/UDP-ports
Please install upcoming FW-Update, which will be available at end of Q2/2022.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 03/09/2022 08:00 | Initial revision. |