What is CVE-2022-22511?

CVE-2022-22511 is a vulnerability affecting various configuration pages of the Wago device, making them vulnerable to reflected XSS (Cross-Site Scripting) attacks.

How can an attacker exploit CVE-2022-22511?

An authorized attacker with user privileges can exploit CVE-2022-22511 to gain access to confidential information on a compromised PC that connects to the Wago Web-Based Management (WBM) interface.

What is the severity of CVE-2022-22511?

CVE-2022-22511 has a severity rating of medium (5.4) according to the Common Vulnerability Scoring System (CVSS) v3.0.

Which Wago devices are affected by CVE-2022-22511?

Various Wago devices running firmware versions between fw16 and fw22 are affected by CVE-2022-22511.

Where can I find more information about CVE-2022-22511?

You can find more information about CVE-2022-22511 in the advisory published by VDE-CERT.

Vulnerability/
CVE-2022-22511

medium

5.4

CWE

9/3/2022

3/8/2024

CVE-2022-22511: WAGO PLCs WBM vulnerable to reflected XSS

First published: Wed Mar 09 2022(Updated: )

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

Credit: info@cert.vde.com

Affected Software	Affected Version	How to fix
Wago 750-8100 Firmware	>=fw16<fw22
Wago 750-8100
Wago 750-8101 Firmware	>=fw16<fw22
Wago 750-8101
Wago 750-8102 Firmware	>=fw16<fw22
Wago 750-8102
Wago 751-9301 Firmware	>=fw16<fw22
Wago 751-9301
Wago 750-8202 Firmware	>=fw16<fw22
WAGO 750-8202
Wago 762-4205\/8000-002 Firmware	>=fw16<fw22
Wago 762-4205\/8000-002
Wago 762-4206\/8000-002 Firmware	>=fw16<fw22
Wago 762-4206\/8000-002
Wago 762-4305\/8000-002 Firmware	>=fw16<fw22
Wago 762-4305\/8000-002
Wago 762-4306\/8000-002 Firmware	>=fw16<fw22
Wago 762-4306\/8000-002
Wago 762-5205\/8000-001 Firmware	>=fw16<fw22
Wago 762-5205\/8000-001
Wago 762-5206\/8000-001 Firmware	>=fw16<fw22
Wago 762-5206\/8000-001
Wago 762-5305\/8000-002 Firmware	>=fw16<fw22
Wago 762-5305\/8000-002
Wago 762-5306\/8000-002 Firmware	>=fw16<fw22
Wago 762-5306\/8000-002
Wago 762-6301\/8000-002 Firmware	>=fw16<fw22
Wago 762-6301\/8000-002
Wago 762-6302\/8000-002 Firmware	>=fw16<fw22
Wago 762-6302\/8000-002
Wago 762-6303\/8000-002 Firmware	>=fw16<fw22
Wago 762-6303\/8000-002
Wago 762-6304\/8000-002 Firmware	>=fw16<fw22
Wago 762-6304\/8000-002
Wago 750-8102\/025-000 Firmware	>=fw16<fw22
Wago 750-8102\/025-000
Wago 750-8101\/025-000 Firmware	>=fw16<fw22
Wago 750-82 Firmware	>=fw16<fw22
Wago 750-82
Wago 750-8202\/000-012 Firmware	>=fw16<fw22
Wago 750-8202\/000-012
Wago 750-8202\/000-022 Firmware	>=fw16<fw22
Wago 750-8202\/000-022
Wago 750-8202\/025-001 Firmware	>=fw16<fw22
Wago 750-8202\/025-001
Wago 750-8202\/025-000 Firmware	>=fw16<fw22
Wago 750-8202\/025-000
Wago 752-8303\/8000-002 Firmware	>=fw16<fw22
Wago 752-8303\/8000-002

Remedy

Install FW >=FW22 (FW22 planned for end of Q2/22)

Never miss a vulnerability like this again

Reference Links

https://cert.vde.com/en/advisories/VDE-2022-004/

Frequently Asked Questions

What is CVE-2022-22511?
CVE-2022-22511 is a vulnerability affecting various configuration pages of the Wago device, making them vulnerable to reflected XSS (Cross-Site Scripting) attacks.
How can an attacker exploit CVE-2022-22511?
An authorized attacker with user privileges can exploit CVE-2022-22511 to gain access to confidential information on a compromised PC that connects to the Wago Web-Based Management (WBM) interface.
What is the severity of CVE-2022-22511?
CVE-2022-22511 has a severity rating of medium (5.4) according to the Common Vulnerability Scoring System (CVSS) v3.0.
Which Wago devices are affected by CVE-2022-22511?
Various Wago devices running firmware versions between fw16 and fw22 are affected by CVE-2022-22511.
Where can I find more information about CVE-2022-22511?
You can find more information about CVE-2022-22511 in the advisory published by VDE-CERT.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/remedy
agent/title
agent/references
agent/last-modified-date
agent/severity
agent/weakness
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/wago
canonical/wago 750-8100 firmware
version/wago 750-8100 firmware/fw16
canonical/wago 750-8100
canonical/wago 750-8101 firmware
version/wago 750-8101 firmware/fw16
canonical/wago 750-8101
canonical/wago 750-8102 firmware
version/wago 750-8102 firmware/fw16
canonical/wago 750-8102
canonical/wago 751-9301 firmware
version/wago 751-9301 firmware/fw16
canonical/wago 751-9301
canonical/wago 750-8202 firmware
version/wago 750-8202 firmware/fw16
canonical/wago 750-8202
canonical/wago 762-4205\/8000-002 firmware
version/wago 762-4205\/8000-002 firmware/fw16
canonical/wago 762-4205\/8000-002
canonical/wago 762-4206\/8000-002 firmware
version/wago 762-4206\/8000-002 firmware/fw16
canonical/wago 762-4206\/8000-002
canonical/wago 762-4305\/8000-002 firmware
version/wago 762-4305\/8000-002 firmware/fw16
canonical/wago 762-4305\/8000-002
canonical/wago 762-4306\/8000-002 firmware
version/wago 762-4306\/8000-002 firmware/fw16
canonical/wago 762-4306\/8000-002
canonical/wago 762-5205\/8000-001 firmware
version/wago 762-5205\/8000-001 firmware/fw16
canonical/wago 762-5205\/8000-001
canonical/wago 762-5206\/8000-001 firmware
version/wago 762-5206\/8000-001 firmware/fw16
canonical/wago 762-5206\/8000-001
canonical/wago 762-5305\/8000-002 firmware
version/wago 762-5305\/8000-002 firmware/fw16
canonical/wago 762-5305\/8000-002
canonical/wago 762-5306\/8000-002 firmware
version/wago 762-5306\/8000-002 firmware/fw16
canonical/wago 762-5306\/8000-002
canonical/wago 762-6301\/8000-002 firmware
version/wago 762-6301\/8000-002 firmware/fw16
canonical/wago 762-6301\/8000-002
canonical/wago 762-6302\/8000-002 firmware
version/wago 762-6302\/8000-002 firmware/fw16
canonical/wago 762-6302\/8000-002
canonical/wago 762-6303\/8000-002 firmware
version/wago 762-6303\/8000-002 firmware/fw16
canonical/wago 762-6303\/8000-002
canonical/wago 762-6304\/8000-002 firmware
version/wago 762-6304\/8000-002 firmware/fw16
canonical/wago 762-6304\/8000-002
canonical/wago 750-8102\/025-000 firmware
version/wago 750-8102\/025-000 firmware/fw16
canonical/wago 750-8102\/025-000
canonical/wago 750-8101\/025-000 firmware
version/wago 750-8101\/025-000 firmware/fw16
canonical/wago 750-82 firmware
version/wago 750-82 firmware/fw16
canonical/wago 750-82
canonical/wago 750-8202\/000-012 firmware
version/wago 750-8202\/000-012 firmware/fw16
canonical/wago 750-8202\/000-012
canonical/wago 750-8202\/000-022 firmware
version/wago 750-8202\/000-022 firmware/fw16
canonical/wago 750-8202\/000-022
canonical/wago 750-8202\/025-001 firmware
version/wago 750-8202\/025-001 firmware/fw16
canonical/wago 750-8202\/025-001
canonical/wago 750-8202\/025-000 firmware
version/wago 750-8202\/025-000 firmware/fw16
canonical/wago 750-8202\/025-000
canonical/wago 752-8303\/8000-002 firmware
version/wago 752-8303\/8000-002 firmware/fw16
canonical/wago 752-8303\/8000-002