Vulnerabilities > CVE-2022-3738 - Unspecified vulnerability in Wago products

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

wago

NVD

Published: 2023-01-19

Updated: 2024-11-21

Summary

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

Vulnerable Configurations

Part	Description	Count
OS	Wago Wago Pfc100 Firmware 16 Wago Pfc100 Firmware 20 Wago Pfc100 Firmware 22 Wago Pfc200 Firmware 16 Wago Pfc200 Firmware 20 Wago Pfc200 Firmware 22 Wago Touch Panel 600 Advanced Firmware 16 Wago Touch Panel 600 Standard Firmware 16 Wago Touch Panel 600 Standard Firmware 22 Wago Touch Panel 600 Marine Firmware 16 Wago Touch Panel 600 Marine Firmware 22 Wago Cc100 Firmware 16 Wago Cc100 Firmware 22 Wago Edge Controller Firmware 16 Wago Edge Controller Firmware 18 Wago Edge Controller Firmware 22	21
Hardware	Wago Wago Pfc100 - Wago Pfc200 - Wago Touch Panel 600 Advanced - Wago Touch Panel 600 Standard - Wago Touch Panel 600 Marine - Wago Cc100 - Wago Edge Controller -	7

Summary

Vulnerable Configurations

References