Wago · Wago Touch Panel 600 · CVE-2023-3379
**Name of the Vulnerable Software and Affected Versions**
WAGO PFC100/PFC200 (affected versions not specified)
WAGO Edge Controller (affected versions not specified)
WAGO Touch Panel 600 (affected versions not specified)
**Description**
The issue is caused by errors in privilege management in the web-based management interface of WAGO products. It allows a local authenticated attacker to change the passwords of other non-admin users and thereby escalate privileges among non-root accounts.
**Recommendations**
For WAGO PFC100/PFC200, consider restricting access to the web-based management interface until a fix is available.
For WAGO Edge Controller, avoid using the password change functionality for non-admin users until the issue is resolved.
For WAGO Touch Panel 600, as a temporary workaround, consider disabling the web-based management interface to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.