WAGO: Exposure of configuration interface in unmanaged switches

VDE-2022-055
Last update
16.02.2023 14:43
Published at
16.02.2023 14:43
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2022-055

Summary

An unknown and undocumented configuration interface with limited functionality was identified on the affected devices.

Impact

An unprivileged attacker can configure network settings to violate the confidentiality of transferred packets if the network packets themselves are not protected by cryptographic measures. Additionally, the attacker can violate the availability of network clients by changing network settings (e.g., deactivating network ports).

Affected Product(s)

Model no.          Product name        Affected versions
852-111/000-001    Unmanaged Switch    Firmware 01

Vulnerabilities

Published
22.09.2025 14:57
Weakness
Hidden Functionality (CWE-912)
Summary

In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01, an undocumented configuration interface without authorization allows a remote attacker to read system information and configure a limited set of parameters.

Mitigation

Restrict network access to the device.
Do not directly connect the device to the internet.

Remediation

A firmware update that fixes the problem is available. Users who want to update the firmware should contact WAGO support.

Revision History

Version    Date                Summary
1          16.02.2023 14:43    Initial revision.