Share: Email | Twitter

ID

VDE-2024-047

Published

2024-11-18 12:00 (CET)

Last update

2024-11-18 10:29 (CET)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
WAGO CC100 0751-9x01 <= 4.5.10 (FW27)
WAGO Edge Controller 0752-8303/8000-0002 <= 4.5.10 (FW27)
WAGO PFC100 G1 0750-810x/xxxx-xxxx < 3.10.11
WAGO PFC100 G2 0750-811x-xxxx-xxxx <= 4.5.10 (FW27)
WAGO PFC200 G1 750-820x-xxx-xxx < 3.10.11
WAGO PFC200 G2 750-821x-xxx-xxx <= 4.5.10 (FW27)
WAGO TP600 0762-420x/8000-000x <= 4.5.10 (FW27)
WAGO TP600 0762-430x/8000-000x <= 4.5.10 (FW27)
WAGO TP600 0762-520x/8000-000x <= 4.5.10 (FW27)
WAGO TP600 0762-530x/8000-000x <= 4.5.10 (FW27)
WAGO TP600 0762-620x/8000-000x <= 4.5.10 (FW27)
WAGO TP600 0762-630x/8000-000x <= 4.5.10 (FW27)

Summary

Nozomi reported eight vulnerabilities to WAGO affecting different firmwares installed on several devices.

Vulnerabilities



CVE-2024-41969
8.8
Last Update
7. November 2024 16:05
Severity
8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Weakness
Missing Authentication for Critical Function (306)
Summary

A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. 

Details
https://cert.vde.com 
CVE-2024-41967
8.1
Last Update
7. November 2024 15:59
Severity
8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H)
Weakness
Missing Authentication for Critical Function (306)
Summary

A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.

Details
https://cert.vde.com 
CVE-2024-41971
8.1
Last Update
7. November 2024 16:12
Severity
8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
Weakness
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (22)
Summary

A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss.

Details
https://cert.vde.com 
CVE-2024-41973
8.1
Last Update
7. November 2024 16:17
Severity
8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
Weakness
Path Traversal: '.../...//' (35)
Summary

A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.

Details
https://cert.vde.com 
CVE-2024-41974
7.1
Last Update
7. November 2024 16:19
Severity
7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)
Weakness
Incorrect Permission Assignment for Critical Resource (732)
Summary

A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resource which may lead to a DoS limited to BACNet communication.

Details
https://cert.vde.com 
CVE-2024-41972
6.5
Last Update
7. November 2024 16:14
Severity
6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Weakness
Path Traversal: '.../...//' (35)
Summary

A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.

Details
https://cert.vde.com 
CVE-2024-41970
5.7
Last Update
7. November 2024 16:10
Severity
5.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)
Weakness
Incorrect Permission Assignment for Critical Resource (732)
Summary

A low privileged remote attacker may have access to forbidden diagnostic data due to incorrect permission assignment for critical resource.

Details
https://cert.vde.com 
CVE-2024-41968
5.4
Last Update
7. November 2024 16:08
Severity
5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)
Weakness
Missing Authentication for Critical Function (306)
Summary

A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. 

Details
https://cert.vde.com 

Impact

The identified vulnerabilities could lead to a denial-of-service attack or alter of the firmware and docker configuration.

Solution

Remediation

Update to firmware version 28. A patch beyond FW 22 Patch 2. and therefore for PFC G1 devices, is currently not planned.

Reported by

CERT@VDE coordinated with WAGO GmbH & Co. KG

Reported by Diego Giubertoni by Nozomi Networks