WAGO: multiple products - Loss of MAC-Address-Filtering after reboot
CVE-2022-3281

7.5HIGH

Key Information:

Vendor: Wago
Status: 750-81xx/xxx-xxx Series Pfc100/pfc200; 750-8217/xxx-xxx Series Pfc100/pfc200; 750-82xx/xxx-xxx Series Pfc100/pfc200; Compact Controller Cc100
Vendor: CVE Published:; 17 October 2022

Summary

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.

Affected Version(s)

750-81xx/xxx-xxx Series PFC100/PFC200 03.01.07(13) <= 03.10.08(22)

750-8217/xxx-xxx Series PFC100/PFC200 03.04.10(16) <= 03.10.08(22)

750-82xx/xxx-xxx Series PFC100/PFC200 03.01.07(13) <= 03.10.08(22)

References

https://cert.vde.com/en/advisories/VDE-2022-042/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2022
Vulnerability Reserved
Sep 23, 2022