CVE-2022-3281

Summary

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.

Affected Software

VendorProductVersion RangeStatus
WAGO750-81xx/xxx-xxx Series PFC100/PFC20003.01.07(13) <= 03.10.08(22)affected
WAGO750-8217/xxx-xxx Series PFC100/PFC20003.04.10(16) <= 03.10.08(22)affected
WAGO750-82xx/xxx-xxx Series PFC100/PFC20003.01.07(13) <= 03.10.08(22)affected
WAGOCompact Controller CC10003.07.17(19) <= 03.09.08(21)affected
WAGO762-4xxx Series Touch Panel 60003.01.07(13) <= 03.10.09(22)affected
WAGO762-5xxx Series Touch Panel 60003.01.07(13) <= 03.10.09(22)affected
WAGO762-6xxx Series Touch Panel 60003.01.07(13) <= 03.10.09(22)affected
WAGO752-8303/8000-002 Edge Controller03.06.09(18) <= 03.10.09(22)affected

Weaknesses

  • CWE-440: CWE-440 Expected Behavior Violation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References