PT-2023-1472 · Wago · Wago Touch Panel 600 +3

Ryan Pickren · Published 2023-02-27 · Updated 2023-03-07 · CVE-2022-45138

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WAGO PFC100/PFC200 versions (affected versions not specified)
WAGO CC100 versions (affected versions not specified)
WAGO Edge Controller versions (affected versions not specified)
WAGO Touch Panel 600 versions (affected versions not specified)

Description

The issue is related to the lack of authentication for a critical function in the web-based management interface, allowing an unauthenticated attacker to access and modify device parameters. This could lead to the full compromise of the device. The vulnerability may also allow a remote attacker to execute arbitrary code.

Recommendations

For WAGO PFC100/PFC200, consider restricting access to the configuration backend until a fix is available.
For WAGO CC100, restrict access to critical functions that do not require authentication.
For WAGO Edge Controller, limit the ability of unauthenticated users to read and set device parameters.
For WAGO Touch Panel 600, disable remote access to the web-based management interface until the issue is resolved.

As a temporary workaround, consider disabling critical functions that can be exploited by unauthenticated users until a patch is available.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-00881
CVE-2022-45138

Affected Products

Wago Cc100
Wago Edge Controller
Wago Pfc100/Pfc200
Wago Touch Panel 600