First published: Wed Mar 09 2022
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wago 750-8100 Firmware | >=fw16<fw22 | |
Wago 750-8100 | | |
Wago 750-8101 Firmware | >=fw16<fw22 | |
Wago 750-8101 | | |
Wago 750-8102 Firmware | >=fw16<fw22 | |
Wago 750-8102 | | |
Wago 751-9301 Firmware | >=fw16<fw22 | |
Wago 751-9301 | | |
Wago 750-8202 Firmware | >=fw16<fw22 | |
WAGO 750-8202 | | |
Wago 762-4205/8000-002 Firmware | >=fw16<fw22 | |
Wago 762-4205/8000-002 | | |
Wago 762-4206/8000-002 Firmware | >=fw16<fw22 | |
Wago 762-4206/8000-002 | | |
Wago 762-4305/8000-002 Firmware | >=fw16<fw22 | |
Wago 762-4305/8000-002 | | |
Wago 762-4306/8000-002 Firmware | >=fw16<fw22 | |
Wago 762-4306/8000-002 | | |
Wago 762-5205/8000-001 Firmware | >=fw16<fw22 | |
Wago 762-5205/8000-001 | | |
Wago 762-5206/8000-001 Firmware | >=fw16<fw22 | |
Wago 762-5206/8000-001 | | |
Wago 762-5305/8000-002 Firmware | >=fw16<fw22 | |
Wago 762-5305/8000-002 | | |
Wago 762-5306/8000-002 Firmware | >=fw16<fw22 | |
Wago 762-5306/8000-002 | | |
Wago 762-6301/8000-002 Firmware | >=fw16<fw22 | |
Wago 762-6301/8000-002 | | |
Wago 762-6302/8000-002 Firmware | >=fw16<fw22 | |
Wago 762-6302/8000-002 | | |
Wago 762-6303/8000-002 Firmware | >=fw16<fw22 | |
Wago 762-6303/8000-002 | | |
Wago 762-6304/8000-002 Firmware | >=fw16<fw22 | |
Wago 762-6304/8000-002 | | |
Wago 750-8102/025-000 Firmware | >=fw16<fw22 | |
Wago 750-8102/025-000 | | |
Wago 750-8101/025-000 Firmware | >=fw16<fw22 | |
Wago 750-82 Firmware | >=fw16<fw22 | |
Wago 750-82 | | |
Wago 750-8202/000-012 Firmware | >=fw16<fw22 | |
Wago 750-8202/000-012 | | |
Wago 750-8202/000-022 Firmware | >=fw16<fw22 | |
Wago 750-8202/000-022 | | |
Wago 750-8202/025-001 Firmware | >=fw16<fw22 | |
Wago 750-8202/025-001 | | |
Wago 750-8202/025-000 Firmware | >=fw16<fw22 | |
Wago 750-8202/025-000 | | |
Wago 752-8303/8000-002 Firmware | >=fw16<fw22 | |
Wago 752-8303/8000-002 | | Install FW >=FW22 (FW22 planned for end of Q2/22) |
CVE-2022-22511 is a reflected XSS (Cross-Site Scripting) vulnerability in various configuration pages of affected Wago devices.
An authorized attacker with user privileges can exploit CVE-2022-22511 to gain access to confidential information on a compromised PC that connects to the Wago Web-Based Management (WBM) interface.
CVE-2022-22511 has a severity rating of medium (5.4) according to the Common Vulnerability Scoring System (CVSS) v3.0.
Various Wago devices running firmware versions from fw16 up to, but not including, fw22 are affected by CVE-2022-22511.
You can find more information about CVE-2022-22511 in the advisory published by VDE-CERT.