Article No. | Product Name | Affected Version(s) |
---|---|---|
751-9301/xxx-xxx | Compact Controller 100 | <= FW25 |
752-8303/8000-002 | Edge Controller | <= FW25 |
750-810x/xxx-xxx | PFC100 | <= FW22 Patch1 |
750-821x/xxx-xxx | PFC200 | <= FW25 |
750-820x/xxx-xxx | PFC200 | <= FW22 Patch1 |
762-5xxx | Touch Panel 600 Advanced Line | <= FW25 |
762-6xxx | Touch Panel 600 Marine Line | <= FW25 |
762-4xxx | Touch Panel 600 Standard Line | <= FW25 |
Access rights to a configuration tool of the web-based management are misconfigured for a specific user: that user can reset the passwords of other users (all except root). An authenticated attacker holding that user's rights can therefore elevate their privileges.
The web-based management of multiple WAGO products thus allows a local, authenticated attacker to change the passwords of other non-admin users and so escalate non-root privileges.
An authenticated attacker can gain further privileges, allowing them to change the configuration and perform actions beyond the scope of the original user.
Mitigation
Remediation
WAGO recommends that all affected users update to the firmware versions listed below:
Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100

Article Number | Fixed in Firmware Version |
---|---|
750-811x/xxx-xxx | >= FW22 Patch 2 |
750-821x/xxx-xxx | >= FW26 |
750-820x/xxx-xxx | >= FW22 Patch 2 |
751-9301 | >= FW26 |

Series WAGO Touch Panel 600 and WAGO Edge Controller

Article Number | Fixed in Firmware Version |
---|---|
762-4xxx | >= FW26 |
762-5xxx | >= FW26 |
762-6xxx | >= FW26 |
752-8303/8000-002 | >= FW26 |
FW22 Patch 2 will be available in Q1 2024.
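An operator with a fleet of these controllers and panels will want to match each device's article number and firmware against the two tables above rather than reading them by hand. The script below is an added example and is not part of the advisory or of any WAGO tooling; the affected and fixed tables are copied as the advisory publishes them (including the 750-810x / 750-811x spelling difference between the two tables), the `x` wildcard and the "FW22 Patch1" / "FW22 Patch 2" version strings are parsed as they appear on this page, and the device inventory at the bottom is constructed sample data.

```python
"""Check a device inventory against this advisory's affected/fixed firmware tables.

Added example, not part of the advisory. AFFECTED and FIXED are copied from the
advisory as published; SAMPLE_INVENTORY is constructed sample data.
"""
import re

# Affected products: (article-number pattern, last affected firmware), as published.
AFFECTED = [
    ("751-9301/xxx-xxx", "FW25"),          # Compact Controller 100
    ("752-8303/8000-002", "FW25"),         # Edge Controller
    ("750-810x/xxx-xxx", "FW22 Patch1"),   # PFC100
    ("750-821x/xxx-xxx", "FW25"),          # PFC200
    ("750-820x/xxx-xxx", "FW22 Patch1"),   # PFC200
    ("762-5xxx", "FW25"),                  # Touch Panel 600 Advanced Line
    ("762-6xxx", "FW25"),                  # Touch Panel 600 Marine Line
    ("762-4xxx", "FW25"),                  # Touch Panel 600 Standard Line
]

# First fixed firmware per article-number pattern, as published.
FIXED = [
    ("750-811x/xxx-xxx", "FW22 Patch 2"),
    ("750-821x/xxx-xxx", "FW26"),
    ("750-820x/xxx-xxx", "FW22 Patch 2"),
    ("751-9301", "FW26"),
    ("762-4xxx", "FW26"),
    ("762-5xxx", "FW26"),
    ("762-6xxx", "FW26"),
    ("752-8303/8000-002", "FW26"),
]

_FW_RE = re.compile(r"FW\s*(\d+)(?:\s*Patch\s*(\d+))?", re.IGNORECASE)


def parse_fw(version):
    """'FW22 Patch1', 'FW22 Patch 2' and 'FW26' -> comparable (major, patch) tuples."""
    m = _FW_RE.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return int(m.group(1)), int(m.group(2) or 0)


def article_matches(pattern, article):
    """Match an article number against a pattern where 'x' is a one-character wildcard.

    A pattern without a '/variant' part (e.g. '751-9301') applies to every variant.
    """
    pattern, article = pattern.lower(), article.lower()
    if "/" not in pattern:
        article = article.split("/", 1)[0]
    if len(pattern) != len(article):
        return False
    return all(p == "x" or p == a for p, a in zip(pattern, article))


def is_affected(article, firmware):
    """True if the firmware is at or below the last affected version for this article number."""
    fw = parse_fw(firmware)
    return any(article_matches(pat, article) and fw <= parse_fw(last)
               for pat, last in AFFECTED)


def fixed_version(article):
    """First fixed firmware for the article number, or None if the advisory lists none."""
    for pat, fixed in FIXED:
        if article_matches(pat, article):
            return fixed
    return None


def check_inventory(devices):
    """Return (article, firmware, affected, fixed_version) for each (article, firmware) pair."""
    return [(a, f, is_affected(a, f), fixed_version(a)) for a, f in devices]


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    ("750-8212/000-100", "FW25"),          # PFC200 still on FW25: affected
    ("750-8212/000-100", "FW26"),          # same model after update: not affected
    ("750-8202/025-001", "FW22 Patch1"),   # PFC200 on FW22 Patch1: affected, fix is FW22 Patch 2
    ("762-4301", "FW25"),                  # Touch Panel 600 Standard Line: affected
    ("752-8303/8000-002", "FW26"),         # Edge Controller after update: not affected
    ("750-1500", "FW10"),                  # not listed in the advisory: not affected, no fix listed
]

if __name__ == "__main__":
    for article, fw, hit, fix in check_inventory(SAMPLE_INVENTORY):
        status = "AFFECTED" if hit else "ok"
        print(f"{article:20} {fw:14} {status:9} fixed in: {fix or 'n/a'}")
```

Version strings are compared as (major, patch) tuples, so "FW22 Patch1" sorts below "FW22 Patch 2" and both sort below "FW26"; a device whose article number is not covered by either table is reported as not affected and with no fix, which is the correct reading of the advisory rather than a statement about the device.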
The vulnerability was reported by Panagiotis Bellonias from Secura.
Coordination done by CERT@VDE.