Zurück zur Übersicht

WAGO: Multiple Products affected by Linux Kernel Vulnerability Dirty Pipe

VDE-2022-009
Last update
22.05.2025 15:03
Published at
06.04.2022 09:30
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2022-009
CSAF Document
Download

Summary

The Linux kernel starting from 5.8 has a flaw which can lead to privilege escalation for a local user. The kernel is used in several Versions of the FW of several WAGO products. All vulnerable PLCs are listed in chapter 'Affected Products'.

Impact

An unprivileged user can use the 'pipe' functionality in the Linux kernel to write to read only files. This can lead to privilege escalation, because in this way unprivileged processes can inject code into root processes.
For a detailed description of the vulnerability see https://dirtypipe.cm4all.com/

Affected Product(s)

Model no. Product name Affected versions
750-81xx/xxx-xxx Firmware 03.08.07(20)<=03.08.08(20), Firmware 03.07.14(19)<=03.07.18(19)
750-8217/xxx-xxx Firmware 03.08.07(20)<=03.08.08(20), Firmware 03.07.14(19)<=03.07.18(19)
750-82xx/xxx-xxx Firmware 03.08.07(20)<=03.08.08(20), Firmware 03.07.14(19)<=03.07.18(19)
751-9301 Firmware 03.08.07(20)<=03.08.08(20)
752-8303/8000-002 Firmware 03.07.14(19)<=03.07.18(19)
762-4xxx Firmware 03.07.14(19)<=03.07.18(19)
762-5xxx Firmware 03.07.14(19)<=03.07.18(19)
762-6xxx Firmware 03.07.14(19)<=03.07.18(19)

Vulnerabilities

Expand / Collapse all

Published
22.09.2025 14:58
Severity
7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness
Improper Initialization (CWE-665)
Summary

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

References
cve.org | nvd.nist.gov

Mitigation

  • Restrict network access to the device.
  • Use strong passwords
  • Do not directly connect the device to the internet
  • Disable unused TCP/UDP-ports

Remediation

We recommend all affected users to update to the firmware version listed below.

Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100

Product Fixed in Firmware Version
750-81xx/xxx-xxx 03.09.04(21)
750-8217/xxx-xxx 03.09.05(21)
750-82xx/xxx-xxx 03.09.04(21)
751-9301 03.09.04(21)

Series WAGO Touch Panel 600 and WAGO Edge Controller

Product Fixed in Firmware Version
762-4xxx 03.07.19(19)
762-5xxx 03.07.19(19)
762-6xxx 03.07.19(19)
752-8303/8000-002 03.07.19(19)

Revision History

Version Date Summary
1 06.04.2022 09:30 Initial revision.
2 22.05.2025 15:03 Fix: quotation mark