
ID

VDE-2023-046

Published

2023-10-17 08:00 (CEST)

Last update

2023-10-13 11:28 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

| Article No. | Product Name | Affected Version(s) |
|---|---|---|
| 751-9301 | Compact Controller CC100 | FW19 <= FW26 |
| 752-8303/8000-002 | Edge Controller | FW18 <= FW26 |
| 750-81xx/xxx-xxx | PFC100 | FW16 <= FW26 |
| 750-82xx/xxx-xxx | PFC200 | FW16 <= FW26 |
| 762-5xxx | Touch Panel 600 Advanced Line | FW16 <= FW26 |
| 762-6xxx | Touch Panel 600 Marine Line | FW16 <= FW26 |
| 762-4xxx | Touch Panel 600 Standard Line | FW16 <= FW26 |

Summary

An attacker with administrative privileges who can access sensitive files can additionally access them in an unintended, undocumented way.


Last Update:

Aug. 30, 2024, 9:09 a.m.

Weakness

Externally Controlled Reference to a Resource in Another Sphere (CWE-610)

Summary

On affected WAGO products, a remote attacker with administrative privileges can access files to which they already have access through an undocumented local file inclusion. This access is logged in a different log file than expected.


Impact

Users might not notice that files are being accessed.

Solution

Mitigation

  1. As general security measures, WAGO strongly recommends:
    Use general security best practices to protect systems from local and network
    attacks.
  2. Do not allow direct access to the device from untrusted networks.
  3. Update to the latest firmware according to the table in the Solution chapter.

Remediation

We recommend that all affected users update to the firmware version listed below:

FW23

| Article No. | Product Name | Fixed version (ETA Q2/2024) |
|---|---|---|
| 751-9301 | Compact Controller CC100 | FW27 |
| 752-8303/8000-002 | Edge Controller | |
| 750-81xx/xxx-xxx | PFC100 | |
| 750-82xx/xxx-xxx | PFC200 | |
| 762-5xxx | Touch Panel 600 Advanced Line | |
| 762-6xxx | Touch Panel 600 Marine Line | |
| 762-4xxx | Touch Panel 600 Standard Line | |

Reported by

The vulnerability was reported by Floris Hendriks and Jeroen Wijenbergh from Radboud University.

Coordination done by CERT@VDE.