CVE-2022-45140

Summary

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

Affected Software

VendorProductVersion RangeStatus
WAGOCompact Controller CC100 (751-9301)FW16 < FW22affected
WAGOCompact Controller CC100 (751-9301)FW22 Patch 1unaffected
WAGOCompact Controller CC100 (751-9301)FW23affected
WAGOEdge Controller (752-8303/8000-002)FW16 < FW22affected
WAGOEdge Controller (752-8303/8000-002)FW22 Patch 1unaffected
WAGOEdge Controller (752-8303/8000-002)FW23affected
WAGOPFC100 (750-81xx/xxx-xxx)FW16 < FW22affected
WAGOPFC100 (750-81xx/xxx-xxx)FW22 Patch 1unaffected
WAGOPFC100 (750-81xx/xxx-xxx)FW23affected
WAGOPFC200 (750-82xx/xxx-xxx)FW16 < FW22affected
WAGOPFC200 (750-82xx/xxx-xxx)FW22 Patch 1unaffected
WAGOPFC200 (750-82xx/xxx-xxx)FW23affected
WAGOTouch Panel 600 Advanced Line (762-5xxx)FW16 < FW22affected
WAGOTouch Panel 600 Advanced Line (762-5xxx)FW22 Patch 1unaffected
WAGOTouch Panel 600 Advanced Line (762-5xxx)FW23affected
WAGOTouch Panel 600 Marine Line (762-6xxx)FW16 < FW22affected
WAGOTouch Panel 600 Marine Line (762-6xxx)FW22 Patch 1unaffected
WAGOTouch Panel 600 Marine Line (762-6xxx)FW23affected
WAGOTouch Panel 600 Standard Line (762-4xxx)FW16 < FW22affected
WAGOTouch Panel 600 Standard Line (762-4xxx)FW22 Patch 1unaffected
WAGOTouch Panel 600 Standard Line (762-4xxx)FW23affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References