| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 0750-0362 | Coupler 0750-0362 | < FW13 |
| 0750-0362/0000-0001 | Coupler 0750-0362/0000-0001 | < FW13 |
| 0750-0362/0040-0000 | Coupler 0750-0362/0040-0000 | < FW13 |
| 0750-0362/K013-1080 | Coupler 0750-0362/K013-1080 | < FW13 |
| 0750-0362/K019-7576 | Coupler 0750-0362/K019-7576 | < FW13 |
| 0750-0363 | Coupler 0750-0363 | < FW13 |
| 0750-0363/0040-0000 | Coupler 0750-0363/0040-0000 | < FW13 |
| 0750-0364/0040-0010 | Coupler 0750-0364/0040-0010 | < FW13 |
| 0750-0365/0040-0010 | Coupler 0750-0365/0040-0010 | < FW13 |
| 0750-0366 | Coupler 0750-0366 | < FW13 |
A design flaw in the file system management exposes internal system partitions - intended to be hidden - during brief moments when they are mounted by the firmware. These partitions contain sensitive data such as firmware and certificates. Although access to the file system is mediated by a Nucleus layer that supports permission control, these permissions are currently not enforced. As a result, services like FTP/SFTP may inadvertently gain access to critical internal resources, increasing the risk of unauthorized access or data leakage.
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware.
Due to the visibility of the internal partitions a low-privileged remote attacker can escalate privileges and can for example edit the firmware files.
Mitigation
By default, FTP is disabled on these devices. To prevent exploitation of this vulnerability, it is recommended to also disable SFTP in firmware versions below 13 through the device's configuration settings.
Remediation
Update to Firmware version 13.
CERT@VDE coordinated with WAGO GmbH & Co. KG.