CVE-2022-3738: WAGO: Missing authentication for config export functionality in multiple products
First published: Thu Jan 19 2023(Updated: )
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WAGO PFC100 Firmware | >=16<=22 | |
| WAGO PFC100 | ||
| WAGO PFC200 Firmware | >=16<=22 | |
| WAGO PFC200 | ||
| Wago Touch Panel 600 Advanced Firmware | >=16<=22 | |
| Wago Touch Panel 600 Advanced | ||
| Wago Touch Panel 600 Standard Firmware | >=16<=22 | |
| Wago Touch Panel 600 Standard | ||
| Wago Touch Panel 600 Marine Firmware | >=16<=22 | |
| Wago Touch Panel 600 Marine | ||
| Wago Cc100 Firmware | >=16<=22 | |
| Wago Cc100 | ||
| Wago Edge Controller Firmware | >=16<=22 | |
| Wago Edge Controller |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-3738.
What is the severity of CVE-2022-3738?
The severity of CVE-2022-3738 is medium with a CVSS score of 5.9.
Who is affected by CVE-2022-3738?
The vulnerability affects WAGO PFC100 Firmware (versions 16 to 22), WAGO PFC200 Firmware (versions 16 to 22), Wago Touch Panel 600 Advanced Firmware (versions 16 to 22), Wago Touch Panel 600 Standard Firmware (versions 16 to 22), Wago Touch Panel 600 Marine Firmware (versions 16 to 22), WAGO CC100 Firmware (versions 16 to 22), and WAGO Edge Controller Firmware (versions 16 to 22).
What can an attacker do with CVE-2022-3738?
An unauthenticated attacker can download a backup file containing sensitive information such as credentials and cryptographic material if one exists.
How can I protect myself from CVE-2022-3738?
To protect yourself from CVE-2022-3738, ensure that you do not create a backup file after the last reboot.
- collector/nvd-index
- agent/title
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/wago
- canonical/wago pfc100 firmware
- version/wago pfc100 firmware/16
- version/wago pfc100 firmware/22
- canonical/wago pfc100
- canonical/wago pfc200 firmware
- version/wago pfc200 firmware/16
- version/wago pfc200 firmware/22
- canonical/wago pfc200
- canonical/wago touch panel 600 advanced firmware
- version/wago touch panel 600 advanced firmware/16
- version/wago touch panel 600 advanced firmware/22
- canonical/wago touch panel 600 advanced
- canonical/wago touch panel 600 standard firmware
- version/wago touch panel 600 standard firmware/16
- version/wago touch panel 600 standard firmware/22
- canonical/wago touch panel 600 standard
- canonical/wago touch panel 600 marine firmware
- version/wago touch panel 600 marine firmware/16
- version/wago touch panel 600 marine firmware/22
- canonical/wago touch panel 600 marine
- canonical/wago cc100 firmware
- version/wago cc100 firmware/16
- version/wago cc100 firmware/22
- canonical/wago cc100
- canonical/wago edge controller firmware
- version/wago edge controller firmware/16
- version/wago edge controller firmware/22
- canonical/wago edge controller