Share: Email | Twitter

ID

VDE-2023-046

Published

2023-10-17 08:00 (CEST)

Last update

2025-05-07 17:24 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
0751-9x01 WAGO CC100 03.07.14 (FW19) < 04.07.01 (FW29)
0751-9x01 WAGO CC100 Custom Firmware < 04.07.01 (70)
0752-8303/8000-0002 WAGO Edge Controller 03.07.14 (FW19) < 04.07.01 (FW29)
0752-8303/8000-0002 WAGO Edge Controller Custom Firmware < 04.07.01 (70)
0750-810x/xxxx-xxxx WAGO PFC100 G1 03.07.14 (FW19) < 03.10.11 (FW22 Patch 2)
0750-810x/xxxx-xxxx WAGO PFC100 G1 Custom Firmware < 03.10.11 (70)
0750-811x-xxxx-xxxx WAGO PFC100 G2 03.07.14 (FW19) < 04.07.01 (FW29)
0750-811x-xxxx-xxxx WAGO PFC100 G2 Custom Firmware < 04.07.01 (70)
750-820x-xxx-xxx WAGO PFC200 G1 03.07.14 (FW19) < 03.10.11 (FW22 Patch 2)
750-820x-xxx-xxx WAGO PFC200 G1 Custom Firmware < 03.10.11 (70)
750-821x-xxx-xxx WAGO PFC200 G2 03.07.14 (FW19) < 04.07.01 (FW29)
750-821x-xxx-xxx WAGO PFC200 G2 Custom Firmware < 04.07.01 (70)
0762-420x/8000-000x WAGO TP600 03.07.14 (FW19) < 04.07.01 (FW29)
0762-430x/8000-000x WAGO TP600 03.07.14 (FW19) < 04.07.01 (FW29)
0762-520x/8000-000x WAGO TP600 03.07.14 (FW19) < 04.07.01 (FW29)
0762-530x/8000-000x WAGO TP600 03.07.14 (FW19) < 04.07.01 (FW29)
0762-620x/8000-000x WAGO TP600 03.07.14 (FW19) < 04.07.01 (FW29)
0762-630x/8000-000x WAGO TP600 03.07.14 (FW19) < 04.07.01 (FW29)
0762-420x/8000-000x WAGO TP600 Custom Firmware < 04.07.01 (70)
0762-430x/8000-000x WAGO TP600 Custom Firmware < 04.07.01 (70)
0762-520x/8000-000 WAGO TP600 Custom Firmware < 04.07.01 (70)
0762-530x/8000-000x WAGO TP600 Custom Firmware < 04.07.01 (70)
0762-620x/8000-000x WAGO TP600 Custom Firmware < 04.07.01 (70)
0762-630x/8000-000x WAGO TP600 Custom Firmware < 04.07.01 (70)

Summary

An attacker with administrative privileges which can access sensitive files can additionally access them in an unintended, undocumented way.

UPDATE 07.05.2025: The fixed versions have been updated, because the previously mentioned versions are still vulnerable to this issue. More details have been added to the hardware devices. More affected version numbers were added to the firmwares.

CVE ID

CVE-2023-4089 

Last Update:

Aug. 30, 2024, 9:09 a.m.

Severity

2.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) 

Weakness

Externally Controlled Reference to a Resource in Another Sphere  (CWE-610) 

Summary

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

Details

cert.vde.com 

Impact

User might not notice that files are accessed.

Solution

Mitigation

  1. As general security measures strongly WAGO recommends:
    Use general security best practices to protect systems from local and network
    attacks.
  2. Do not allow direct access to the device from untrusted networks.
  3. Update to the latest firmware according to the table in chapter solutions.

Remediation

We recommend all effected users to update to the firmware version listed below:

  • WAGO Firmware 04.07.01 (FW29) installed on WAGO CC100 0751-9x01
  • WAGO Firmware 03.10.11 (FW22 Patch 2) installed on WAGO PFC100 G1 0750-810x/xxxx-xxxx
  • WAGO Firmware 04.07.01 (FW29) installed on WAGO PFC100 G2 0750-811x-xxxx-xxxx
  • WAGO Firmware 03.10.11 (FW22 Patch 2) installed on WAGO PFC200 G1 750-820x-xxx-xxx
  • WAGO Firmware 04.07.01 (FW29) installed on WAGO PFC200 G2 750-821x-xxx-xxx
  • WAGO Firmware 04.07.01 (FW29) installed on WAGO TP600 0762-420x/8000-000x
  • WAGO Firmware 04.07.01 (FW29) installed on WAGO TP600 0762-430x/8000-000x
  • WAGO Firmware 04.07.01 (FW29) installed on WAGO TP600 0762-520x/8000-000x
  • WAGO Firmware 04.07.01 (FW29) installed on WAGO TP600 0762-530x/8000-000x
  • WAGO Firmware 04.07.01 (FW29) installed on WAGO TP600 0762-620x/8000-000x
  • WAGO Firmware 04.07.01 (FW29) installed on WAGO TP600 0762-630x/8000-000x
  • WAGO Firmware 04.07.01 (FW29) installed on WAGO Edge Controller 0752-8303/8000-0002
  • Custom Firmware 04.07.01 (70) installed on WAGO CC100 0751-9x01
  • Custom Firmware 03.10.11 (70) installed on WAGO PFC100 G1 0750-810x/xxxx-xxxx
  • Custom Firmware 04.07.01 (70) installed on WAGO PFC100 G2 0750-811x-xxxx-xxxx
  • Custom Firmware 03.10.11 (70) installed on WAGO PFC200 G1 750-820x-xxx-xxx
  • Custom Firmware 04.07.01 (70) installed on WAGO PFC200 G2 750-821x-xxx-xxx
  • Custom Firmware 04.07.01 (70) installed on WAGO TP600 0762-420x/8000-000x
  • Custom Firmware 04.07.01 (70) installed on WAGO TP600 0762-430x/8000-000x
  • Custom Firmware 04.07.01 (70) installed on WAGO TP600 0762-520x/8000-000x
  • Custom Firmware 04.07.01 (70) installed on WAGO TP600 0762-530x/8000-000x
  • Custom Firmware 04.07.01 (70) installed on WAGO TP600 0762-620x/8000-000x
  • Custom Firmware 04.07.01 (70) installed on WAGO TP600 0762-630x/8000-000x
  • Custom Firmware 04.07.01 (70) installed on WAGO Edge Controller 0752-8303/8000-0002

Reported by

The vulnerability was reported by Floris Hendriks and Jeroen Wijenbergh from Radboud University and re-reported by Alwin Warringa from Sopra Steria Red Team

Coordination done by CERT@VDE.