Share: Email | Twitter

ID

VDE-2023-015

Published

2023-11-20 08:00 (CET)

Last update

2023-11-16 11:53 (CET)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
751-9301/xxx-xxx Compact Controller 100 <= FW25
752-8303/8000-002 Edge Controller <= FW25
750-810x/xxx-xxx PFC100 <= FW22 Patch1
750-821x/xxx-xxx PFC200 <= FW25
750-820x/xxx-xxx PFC200 <= FW22 Patch1
762-5xxx Touch Panel 600 Advanced Line <= FW25
762-6xxx Touch Panel 600 Marine Line <= FW25
762-4xxx Touch Panel 600 Standard Line <= FW25

Summary

There is a misconfiguration of access rights to a configuration tool of the web-based-management for a specific user, which allows to reset passwords of other users (except root). This allows an authenticated attacker to elevate his privileges.


Last Update:

Aug. 30, 2024, 9:27 a.m.

Weakness

Improper Privilege Management  (CWE-269) 

Summary

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.


Impact

An authenticated attacker can get further privileges allowing the attacker to change configuration and perform actions beyond the original user scope. 

Solution

Mitigation

  • Restrict network access to the device.
  • Do not directly connect the device to the internet.

Remediation

Wago recommends all affected users to update to the firmware version listed below:

Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100
Article Number Fixed in Firmware Version
750-811x/xxx-xxx  >= FW22 Patch 2
750-821x/xxx-xxx >= FW26
750-820x/xxx-xxx >= FW22 Patch 2
751-9301  >= FW26

Series WAGO Touch Panel 600 and WAGO Edge Controller
Article Number Fixed in Firmware Version
762-4xxx >= FW26
762-5xxx >= FW26
762-6xxx >= FW26
752-8303/8000-002 >= FW26


FW22 Patch 2 will be available in Q1 2024

Reported by

The vulnerability was reported by Panagiotis Bellonias from Secura.
Coordination done by CERT@VDE.