Summary
There is a misconfiguration of access rights to a configuration tool of the web-based-management for a specific user, which allows to reset passwords of other users (except root). This allows an authenticated attacker to elevate his privileges.
Impact
An authenticated attacker can get further privileges allowing the attacker to change configuration and perform actions beyond the original user scope.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 751-9301/xxx-xxx | Compact Controller 100 | Firmware <= FW25 |
| 752-8303/8000-002 | Edge Controller | Firmware <= FW25 |
| 750-810x/xxx-xxx | PFC100 | Firmware <= FW22 Patch1 |
| 750-820x/xxx-xxx, 750-821x/xxx-xxx | PFC200 | Firmware <= FW22 Patch1 |
| 762-5xxx | Touch Panel 600 Advanced Line | Firmware <= FW25 |
| 762-6xxx | Touch Panel 600 Marine Line | Firmware <= FW25 |
| 762-4xxx | Touch Panel 600 Standard Line | Firmware <= FW25 |
Vulnerabilities
Expand / Collapse allWago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
Mitigation
Restrict network access to the device.
Do not directly connect the device to the internet.
Remediation
Wago recommends all affected users to update to the firmware version listed below:
Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100
| Article Number | Fixed in Firmware Version |
|---|---|
| 750-811x/xxx-xxx | FW22 Patch 2 |
| 750-821x/xxx-xxx | FW26 |
| 750-820x/xxx-xxx | FW22 Patch 2 |
| 751-9301 | FW26 |
Series WAGO Touch Panel 600 and WAGO Edge Controller
| Article Number | Fixed in Firmware Version |
|---|---|
| 762-4xxx | FW26 |
| 762-5xxx | FW26 |
| 762-6xxx | FW26 |
| 752-8303/8000-002 | FW26 |
FW22 Patch 2 will be available in Q1 2024.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 20.11.2023 08:00 | Initial revision. |