WAGO: Missing authentication for config export functionality in multiple products
CVE-2022-3738

5.9MEDIUM

Key Information:

Vendor: Wago
Status: Series Wago Pfc100; Series Wago Pfc200; Series Wago Touch Panel 600 Advanced Line; Series Wago Touch Panel 600 Marine Line
Vendor: CVE Published:; 19 January 2023

Summary

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

Affected Version(s)

Series WAGO PFC100 FW16

Series WAGO PFC200 FW16

Series WAGO Touch Panel 600 Advanced Line FW16

References

https://cert.vde.com/en/advisories/VDE-2022-054/

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2023
Vulnerability Reserved
Oct 28, 2022