CVE-2022-50926
WAGO · 750-8212 PFC200 G2 2ETH RS
WAGO 750-8212 PFC200 G2 2ETH RS firmware allows unauthenticated attackers to escalate privileges by manipulating session cookie parameters.
Executive summary
A critical privilege escalation vulnerability in WAGO PFC200 G2 firmware allows unauthenticated attackers to gain administrative access by manipulating session cookies.
Vulnerability
This vulnerability involves improper session management, where the system fails to validate user session cookies. Unauthenticated attackers can modify the 'name' and 'roles' parameters within the cookie to bypass authentication and assume administrative privileges.
Business impact
Successful exploitation allows an unauthorized user to gain full administrative control over the affected device. Given the CVSS score of 9.8, this poses a severe risk to operational technology (OT) environments, potentially leading to unauthorized system changes, disruption of industrial processes, or further lateral movement within the network.
Remediation
Immediate Action: Apply the latest firmware update provided by WAGO to all affected 750-8212 PFC200 G2 2ETH RS units. Consult the official WAGO security advisory for specific version numbers and installation instructions.
Proactive Monitoring: Monitor device access logs for unusual administrative logins or session cookie anomalies that deviate from established user behavior patterns.
Compensating Controls: Implement strict network segmentation and firewall rules to restrict access to the device management interface to trusted administrative IP addresses only.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
The severity of this vulnerability necessitates immediate attention to prevent unauthorized administrative access. Administrators should prioritize patching these devices and ensure that management interfaces are not exposed to untrusted networks.