PT-2023-2008 · Wago · Wago Touch Panel 600+3

Ryan Pickren · Published 2023-02-13 · Updated 2023-03-08 · CVE-2022-45137

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

WAGO PFC100/PFC200 versions (affected versions not specified)
WAGO CC100 versions (affected versions not specified)
WAGO Edge Controller versions (affected versions not specified)
WAGO Touch Panel 600 versions (affected versions not specified)

Description

The configuration backend of the web-based management interface for WAGO programmable logic controllers and touch panels is vulnerable to reflected Cross-Site Scripting (XSS). A remote attacker can exploit this vulnerability to conduct cross-site scripting attacks, potentially affecting the confidentiality and integrity of the system, with no impact on availability.

Recommendations

For WAGO PFC100/PFC200, consider disabling the web-based management interface until a patch is available.
For WAGO CC100, restrict access to the configuration backend to minimize the risk of exploitation.
For WAGO Edge Controller, avoid using the web-based management interface for sensitive operations until the issue is resolved.
For WAGO Touch Panel 600, as a temporary workaround, consider implementing additional security measures to protect against XSS attacks.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-01632
CVE-2022-45137

Affected Products

Wago Cc100
Wago Edge Controller
Wago Pfc100/Pfc200
Wago Touch Panel 600