WAGO: Exposure of configuration interface in unmanaged switches
CVE-2022-3843

9.1CRITICAL

Key Information:

Vendor: Wago
Status: Unmanaged Switch 852-111/000-001
Vendor: CVE Published:; 16 February 2023

Summary

An undocumented configuration interface in the WAGO Unmanaged Switch (852-111/000-001) firmware version 01 allows remote attackers to gain unauthorized access, enabling them to read system information and configure a limited set of parameters. This vulnerability poses a risk to the integrity and security of the network, highlighting the need for enhanced access controls and security measures.

Affected Version(s)

Unmanaged Switch 852-111/000-001 01

References

https://cert.vde.com/en/advisories/VDE-2022-055/

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Nov 2, 2022