PT-2023-2007 · Wago · Wago Touch Panel 600 (+3 more)

Ryan Pickren · Published 2023-02-13 · Updated 2023-03-07 · CVE-2022-45140

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WAGO PFC100/PFC200 versions (affected versions not specified)
WAGO CC100 versions (affected versions not specified)
WAGO Edge Controller versions (affected versions not specified)
WAGO Touch Panel 600 versions (affected versions not specified)

Description

The issue is related to the lack of authentication for a critical function in the configuration backend of the software. This could allow a remote attacker to write arbitrary data with root privileges, potentially leading to unauthenticated remote code execution and full system compromise.

Recommendations

For WAGO PFC100/PFC200, consider implementing authentication mechanisms for critical functions to prevent unauthorized access until a patch is available.
For WAGO CC100, restrict access to the configuration backend to minimize the risk of exploitation.
For WAGO Edge Controller, disable any functionality that allows writing arbitrary data with root privileges until a fix is provided.
For WAGO Touch Panel 600, avoid using the configuration backend for sensitive operations until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-01631
CVE-2022-45140

Affected Products

Wago Cc100
Wago Edge Controller
Wago Pfc100/Pfc200
Wago Touch Panel 600