The “legal information” plugin of web-based-management contained a vulnerability which allowed execution of arbitrary commands with privileges of www user.

UPDATE A 15.06.2023 :

  • Removed PFC100 with FW23 as affected product and from solution
  • PFC200 with FW23 is only affected on 750-821x/xxx-xxx
  • Renamed "FW22 Patch 1" to "FW22 SP1" to match the versions of the download portal



The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.

The configuration backend can in some cases be used without authentication and to write data with root privileges. Additionally, the web-based management suffers a CORS misconfiguration and allows reflected XSS (Cross-Site Scripting) attacks.



An unknown and undocumented configuration interface with limited functionality was identified on the affected devices. 



A vulnerability in the web-based management (WBM) of WAGOs programmable logic controller (PLC) could allow an unauthenticated remote attacker to retrieve sensitive information.



The MAC address filter as part of the firewall has a flaw, which prevents the MAC address filter to be active after restart. In this way a remote attacker is able to circumvent the MAC address filtering after a reboot of a device.



UPDATE A: Solution has updated release dates
UPDATE B: Solution has updated release dates

This Advisory is published with reference to:

  • CODESYS Advisory 2022-11 (Security update for CODESYS Control V2)
  • CODESYS Advisory 2022-12 (Security update for CODESYS V2 password transport)
  • CODESYS Advisory 2022-13 (Security update for CODESYS Gateway V2)



WAGO: FTP-Server - Denial-of-Service

The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.
See also: Siemens Advisory published October 11th, 2022 - SSA-313313



Multiple WAGO product families are prone to multiple vulnerabilities affecting CODESYS control runtime system.



Feeds

By Vendor

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0