Summary
The MAC address filter as part of the firewall has a flaw, which prevents the MAC address filter to be active after restart. In this way a remote attacker is able to circumvent the MAC address filtering after a reboot of a device.
Impact
Exploiting this flaw, an remote attacker is able to reach the network which should be protected by the MAC address filter.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 750-81xx/xxx-xxx | Firmware 03.01.07(13)<=03.10.08(22), Firmware 03.01.07(13)<=03.10.09(22) | |
| 751-9301 | WAGO Compact Controller CC100 | Firmware 03.01.07(13)<=03.10.08(22) |
| 752-8303/8000-002 | WAGO Edge Controller | Firmware 03.01.07(13)<=03.10.08(22) |
Vulnerabilities
Expand / Collapse allWAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.
Mitigation
Reactivate MAC Address Filter after restart to make sure MAC Address Filter is working. To test if the MAC Address Filter is working just add a test-client to the MAC Address Filter list, enable it and check if you can access the web-based-management via the test-client.
Remediation
We recommend all effected users to update to the firmware version listed below:
Serie WAGO PFC100/PFC200 and WAGO Compact Controller CC100
| Article Number | Fixed Firmware |
|---|---|
| 750-81xx/xxx-xxx | 03.10.10(22) |
| 750-8217/xxx-xxx | 03.10.10(22) |
| 750-82xx/xxx-xxx | 03.10.10(22) |
| 751-9301 | 04.01.10(23) |
Serie WAGO Touch Panel 600 and WAGO Edge Controller
| Article Number | Fixed Firmware |
|---|---|
| 762-4xxx | 03.10.10(22) |
| 762-5xxx | 03.10.10(22) |
| 762-6xxx | 03.10.10(22) |
| 752-8303/8000-002 | 03.10.10(22) |
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 10/17/2022 10:00 | Initial revision. |