CVE-2022-50926

Name of the Vulnerable Software and Affected Versions WAGO 750-8212 PFC200 G2 2ETH RS firmware (affected versions not specified)

Description The WAGO 750-8212 PFC200 G2 2ETH RS firmware has a flaw that allows privilege escalation. An attacker can manipulate user session cookies to gain administrative privileges without needing to authenticate. Specifically, the attacker modifies the 'name' and 'roles' parameters within the cookie to elevate their access level from a standard user to an administrator. The affected API endpoint is not explicitly mentioned, but the issue involves manipulation of user session cookies. The vulnerable parameters are name and roles.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.