CVE-2022-50926

WAGO · 750-8212 PFC200 G2 2ETH RS

WAGO 750-8212 PFC200 G2 2ETH RS firmware allows unauthenticated attackers to escalate privileges by manipulating session cookie parameters.

Executive summary

A critical privilege escalation vulnerability in WAGO PFC200 G2 firmware allows unauthenticated attackers to gain administrative access by manipulating session cookies.

Vulnerability

This vulnerability involves improper session management, where the system fails to validate user session cookies. Unauthenticated attackers can modify the 'name' and 'roles' parameters within the cookie to bypass authentication and assume administrative privileges.
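
The flaw class described above, shown next to a hardened form, as an added example that is not WAGO's code or taken from the advisory. The cookie encoding (base64url JSON carrying 'name' and 'roles'), the "admin" role string, and all function names are assumptions made for illustration; the page does not describe the firmware's real cookie format.

```python
import base64, hashlib, hmac, json, secrets

# Assumption: the cookie is a base64url JSON object with "name" and "roles".
# The real firmware's cookie encoding is not described on the page.
SERVER_KEY = secrets.token_bytes(32)  # per-device secret, never sent to clients

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode())

def trusting_parse(cookie: str) -> dict:
    """Flawed pattern: identity and roles are taken from client-supplied data."""
    return json.loads(_unb64(cookie))

def issue(name: str, roles: list[str], key: bytes = SERVER_KEY) -> str:
    """Hardened: bind name and roles to a server-side HMAC-SHA256 tag."""
    body = _b64(json.dumps({"name": name, "roles": roles}, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(tag)

def verify(cookie: str, key: bytes = SERVER_KEY):
    """Return the session dict only if the tag matches, else None."""
    try:
        body, tag = cookie.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(tag), expected):
            return None
        return json.loads(_unb64(body))
    except (ValueError, TypeError):  # malformed base64, JSON, or field count
        return None

def is_admin(session) -> bool:
    return isinstance(session, dict) and "admin" in session.get("roles", [])

def demo():
    """Constructed sample: a 'user' cookie whose roles field was edited."""
    good = issue("operator", ["user"])
    edited_body = _b64(json.dumps({"name": "operator", "roles": ["admin"]}).encode())
    edited = edited_body + "." + good.split(".")[1]  # old tag, new body
    # (trusting parser, verified edited cookie, verified original cookie)
    return (is_admin(trusting_parse(edited_body)),
            is_admin(verify(edited)), is_admin(verify(good)))

if __name__ == "__main__":
    print(demo())
```

Keeping roles out of the cookie entirely, by issuing a random opaque session ID and looking up the user and roles in server-side state, removes the field an attacker would edit.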

Business impact

Successful exploitation allows an unauthorized user to gain full administrative control over the affected device. Given the CVSS score of 9.8, this poses a severe risk to operational technology (OT) environments, potentially leading to unauthorized system changes, disruption of industrial processes, or further lateral movement within the network.

Remediation

Immediate Action: Apply the latest firmware update provided by WAGO to all affected 750-8212 PFC200 G2 2ETH RS units. Consult the official WAGO security advisory for specific version numbers and installation instructions.

Proactive Monitoring: Monitor device access logs for unusual administrative logins or session cookie anomalies that deviate from established user behavior patterns.

Compensating Controls: Implement strict network segmentation and firewall rules to restrict access to the device management interface to trusted administrative IP addresses only.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The severity of this vulnerability necessitates immediate attention to prevent unauthorized administrative access. Administrators should prioritize patching these devices and ensure that management interfaces are not exposed to untrusted networks.