VDE-2022-042
Vulnerability from csaf_wagogmbhcokg - Published: 2022-10-17 08:00 - Updated: 2022-10-17 08:00
Summary
WAGO: Multiple products - Loss of MAC-Address-Filtering after reboot
Notes
Summary: The MAC address filter, which is part of the firewall, has a flaw that prevents it from being active after a restart. As a result, a remote attacker is able to circumvent the MAC address filtering after a reboot of a device.
Impact: By exploiting this flaw, a remote attacker is able to reach the network that should be protected by the MAC address filter.
Mitigation: Reactivate the MAC address filter after a restart to make sure it is working. To test whether the MAC address filter is working, add a test client to the MAC address filter list, enable it, and check whether you can access the web-based management via the test client.
Remediation: We recommend that all affected users update to the firmware version listed below:
### **Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100**
| Article Number | Fixed Firmware |
|-----------------------|--------------------|
| 750-81xx/xxx-xxx | 03.10.10(22) |
| 750-8217/xxx-xxx | 03.10.10(22) |
| 750-82xx/xxx-xxx | 03.10.10(22) |
| 751-9301 | 04.01.10(23) |
### **Series WAGO Touch Panel 600 and WAGO Edge Controller**
| Article Number | Fixed Firmware |
|-----------------------|--------------------|
| 762-4xxx | 03.10.10(22) |
| 762-5xxx | 03.10.10(22) |
| 762-6xxx | 03.10.10(22) |
| 752-8303/8000-002 | 03.10.10(22) |
WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC address filtering after reboot. This may allow a remote attacker to circumvent the filter and reach the network that should be protected by the MAC address filter.
7.5 (High)
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The MAC address filter as part of the firewall has a flaw, which prevents the MAC address filter to be active after restart. In this way a remote attacker is able to circumvent the MAC address filtering after a reboot of a device.",
"title": "Summary"
},
{
"category": "description",
"text": "Exploiting this flaw, an remote attacker is able to reach the network which should be protected by the MAC address filter.",
"title": "Impact"
},
{
"category": "description",
"text": "Reactivate MAC Address Filter after restart to make sure MAC Address Filter is working. To test if the MAC Address Filter is working just add a test-client to the MAC Address Filter list, enable it and check if you can access the web-based-management via the test-client.",
"title": "Mitigation"
},
{
"category": "description",
"text": "We recommend all effected users to update to the firmware version listed below:\n\n### **Serie WAGO PFC100/PFC200 and WAGO Compact Controller CC100**\n\n| Article Number | Fixed Firmware |\n|-----------------------|--------------------|\n| 750-81xx/xxx-xxx | 03.10.10(22) |\n| 750-8217/xxx-xxx | 03.10.10(22) |\n| 750-82xx/xxx-xxx | 03.10.10(22) |\n| 751-9301 | 04.01.10(23) |\n\n### **Serie WAGO Touch Panel 600 and WAGO Edge Controller**\n\n| Article Number | Fixed Firmware |\n|-----------------------|--------------------|\n| 762-4xxx | 03.10.10(22) |\n| 762-5xxx | 03.10.10(22) |\n| 762-6xxx | 03.10.10(22) |\n| 752-8303/8000-002 | 03.10.10(22) |",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2022-042: WAGO: Multiple products - Loss of MAC-Address-Filtering after reboot - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-042/"
},
{
"category": "self",
"summary": "VDE-2022-042: WAGO: Multiple products - Loss of MAC-Address-Filtering after reboot - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-042.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.wago.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/wago/"
}
],
"title": "WAGO: Multiple products - Loss of MAC-Address-Filtering after reboot",
"tracking": {
"aliases": [
"VDE-2022-042"
],
"current_release_date": "2022-10-17T08:00:00.000Z",
"generator": {
"date": "2025-06-12T12:02:31.927Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.27"
}
},
"id": "VDE-2022-042",
"initial_release_date": "2022-10-17T08:00:00.000Z",
"revision_history": [
{
"date": "2022-10-17T08:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Series WAGO Touch Panel 600",
"product": {
"name": "Series WAGO Touch Panel 600",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"762-6xxx",
"762-5xxx",
"762-4xxx"
]
}
}
},
{
"category": "product_name",
"name": "WAGO Compact Controller CC100",
"product": {
"name": "WAGO Compact Controller CC100",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"751-9301"
]
}
}
},
{
"category": "product_name",
"name": "WAGO Edge Controller",
"product": {
"name": "WAGO Edge Controller",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"752-8303/8000-002"
]
}
}
},
{
"category": "product_name",
"name": "750-81xx/xxx-xxx",
"product": {
"name": "750-81xx/xxx-xxx",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "750-8217/xxx-xxx",
"product": {
"name": "750-8217/xxx-xxx",
"product_id": "CSAFPID-11005"
}
},
{
"category": "product_name",
"name": "750-82xx/xxx-xxx",
"product": {
"name": "750-82xx/xxx-xxx",
"product_id": "CSAFPID-11006"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "03.04.10(16)\u003c=03.10.08(22)",
"product": {
"name": "Firmware 03.04.10(16)\u003c=03.10.08(22)",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "03.01.07(13)\u003c=03.10.08(22)",
"product": {
"name": "Firmware 03.01.07(13)\u003c=03.10.08(22)",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "03.01.07(13)\u003c=03.10.09(22)",
"product": {
"name": "Firmware 03.01.07(13)\u003c=03.10.09(22)",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "03.07.17(19)\u003c=03.09.08(21)",
"product": {
"name": "Firmware 03.07.17(19)\u003c=03.09.08(21)",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version_range",
"name": "03.06.09(18)\u003c=03.10.09(22)",
"product": {
"name": "Firmware 03.06.09(18)\u003c=03.10.09(22)",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version",
"name": "03.10.10(22)",
"product": {
"name": "Firmware 03.10.10(22)",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": " 04.01.10(23",
"product": {
"name": "Firmware 04.01.10(23",
"product_id": "CSAFPID-22002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Vendor"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.01.07(13)\u003c=03.10.08(22) installed on WAGO Compact Controller CC100",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.01.07(13)\u003c=03.10.08(22) installed on WAGO Compact Controller CC100",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.01.07(13)\u003c=03.10.09(22) installed on WAGO Edge Controller",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.10.10(22) installed on Series WAGO Touch Panel 600",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.01.10(23 installed on WAGO Compact Controller CC100",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.10.10(22) installed on WAGO Edge Controller",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.01.07(13)\u003c=03.10.08(22) installed on 750-81xx/xxx-xxx",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.04.10(16)\u003c=03.10.08(22) installed on 750-8217/xxx-xxx",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.01.07(13)\u003c=03.10.08(22) installed on 750-82xx/xxx-xxx",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.10.10(22) installed on 750-81xx/xxx-xxx",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.10.10(22) installed on 750-8217/xxx-xxx",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.10.10(22) installed on 750-82xx/xxx-xxx",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3281",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "description",
"text": "WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Reactivate MAC Address Filter after restart to make sure MAC Address Filter is working. To test if the MAC Address Filter is working just add a test-client to the MAC Address Filter list, enable it and check if you can access the web-based-management via the test-client.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "We recommend all effected users to update to the firmware version listed below:\n\n### **Serie WAGO PFC100/PFC200 and WAGO Compact Controller CC100**\n\n| Article Number | Fixed Firmware |\n|-----------------------|--------------------|\n| 750-81xx/xxx-xxx | 03.10.10(22) |\n| 750-8217/xxx-xxx | 03.10.10(22) |\n| 750-82xx/xxx-xxx | 03.10.10(22) |\n| 751-9301 | 04.01.10(23) |\n\n### **Serie WAGO Touch Panel 600 and WAGO Edge Controller**\n\n| Article Number | Fixed Firmware |\n|-----------------------|--------------------|\n| 762-4xxx | 03.10.10(22) |\n| 762-5xxx | 03.10.10(22) |\n| 762-6xxx | 03.10.10(22) |\n| 752-8303/8000-002 | 03.10.10(22) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2022-3281"
}
]
}