Skip to main content

750 8100 Firmware CVE-2022-3281

HIGH
Expected Behavior Violation (CWE-440)
2022-10-17 info@cert.vde.com
Information Disclosure 750 8100 Firmware 750 8101 Firmware 750 8101 000 010 Firmware 750 8101 025 000 Firmware 750 8102 Firmware 750 8102 025 000 Firmware 750 8202 000 011 Firmware 750 8202 000 012 Firmware 750 8202 000 022 Firmware 750 8206 Firmware 750 8206 025 000 Firmware 750 8206 025 001 Firmware 750 8207 Firmware 750 8207 025 000 Firmware 750 8207 025 001 Firmware 750 8208 Firmware 750 8208 025 000 Firmware 750 8208 025 001 Firmware 750 8210 Firmware 750 8210 025 000 Firmware 750 8211 Firmware 750 8212 Firmware 750 8212 000 100 Firmware 750 8212 025 000 Firmware 750 8212 025 001 Firmware 750 8212 025 002 Firmware 750 8213 Firmware 750 8214 Firmware 750 8215 Firmware 750 8216 Firmware 750 8216 025 000 Firmware 750 8216 025 001 Firmware 750 8202 040 000 Firmware 750 8206 040 000 Firmware 750 8206 040 001 Firmware 750 8210 040 000 Firmware 750 8211 040 000 Firmware 750 8212 040 000 Firmware 750 8212 040 001 Firmware 750 8212 040 010 Firmware 750 8213 040 010 Firmware 750 8216 040 000 Firmware 750 8217 Firmware 750 8217 025 000 Firmware 750 8217 600 000 Firmware 750 8217 625 000 Firmware 762 4201 8000 001 Firmware 762 4202 8000 001 Firmware 762 4203 8000 001 Firmware 762 4204 8000 001 Firmware 762 4205 8000 001 Firmware 762 4206 8000 001 Firmware 762 4301 8000 002 Firmware 762 4302 8000 002 Firmware 762 4303 8000 002 Firmware 762 4304 8000 002 Firmware 762 4101 Firmware 762 4102 Firmware 762 4103 Firmware 762 4104 Firmware 762 5203 8000 001 Firmware 762 5204 8000 001 Firmware 762 5205 8000 001 Firmware 762 5206 8000 001 Firmware 762 5303 8000 002 Firmware 762 5304 8000 002 Firmware 762 5305 8000 002 Firmware 762 5306 8000 002 Firmware 762 6201 8000 001 Firmware 762 6202 8000 001 Firmware 762 6203 8000 001 Firmware 762 6204 8000 001 Firmware 762 6301 8000 002 Firmware 762 6302 8000 002 Firmware 762 6303 8000 002 Firmware 762 6304 8000 002 Firmware 752 8303 8000 002 Firmware 751 9301 Firmware
7.5
CVSS 3.1 · Vendor: cert
Share

Severity by source

Vendor (cert) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from Vendor (cert) · only source for this CVE.

CVSS VectorVendor: cert

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 17, 2022 - 09:15 cve.org
HIGH 7.5

DescriptionCVE.org

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.

AnalysisAI

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-440. WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter. Affected products include: Wago 750-8100 Firmware, Wago 750-8101 Firmware, Wago 750-8101\/000-010 Firmware, Wago 750-8101\/025-000 Firmware, Wago 750-8102 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2022-3281 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy