Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

WAGO fixes config export flaw threatening data leak from industrial devices

Security researchers have disclosed a vulnerability that potentially led to exposure of sensitive data and credential theft in WAGO products.

Headquartered in Germany with locations worldwide, WAGO creates networking solutions for industrial systems, the cloud, and edge engineering. Products include PLC controllers, touch panels, sensors, and industrial switches.

On January 16, researchers from ONEKEY published a security advisory exploring two issues impacting a range of WAGO solutions.

While the detection of a command injection vulnerability in WAGO Series PFC100 configuration API turned out to be a false positive, a path traversal bug was also flagged – and this pointed toward a dubious PHP file and separate security flaw.

Authentication disabled

According to the researchers, attackers could exploit an unauthenticated configuration export vulnerability in the system by using an emulated device.

Tracked as CVE-2022-3738, the vulnerability is described as a PHP error in the WAGO web admin interface file download.php, as some lines are commented using a multi-line comment.

“This effectively disables the authentication and authorization checks that were supposed to be performed on those lines,” the team says. “A successful exploit could allow the attacker to download a copy of the running firmware or the VPN configuration.”

Speaking to The Daily Swig, Florian Lukavsky, CTO and founder at ONEKEY, said leaks could include cryptographic private keys used by the VPN client, usernames, password hashes, and config information such as network or PLC settings.

Reboot requirement

However, the vulnerability only achieved a medium CVSS severity score of 4.3.

Lukavsky noted that a prerequisite for successful exploitation was that an operator had exported target data since the most recent reboot. But he also observed that “since these devices usually run in industrial settings the reboot frequency is likely low, increasing the likelihood of export files to be present.

“If not for the non-reboot requirement, one could argue a high impact on confidentiality,” Lukavsky added. “This would raise the overall CVSS Base Score to 6.5 but would still keep it at medium because the integrity and availability of the system are not directly impacted by the vulnerability. We did not find a way to access the data after a reboot, so we are not aware of any circumventions.”

The aforementioned path traversal issue was rendered “useless” because it could “only be triggered by a user with administrative privileges”, said ONEKEY.

Users are advised to update their builds of affected WAGO products, which include PFC100, PFC200, Edge Controller, and various Touch Panel models.

The bugs were reported to WAGO PSIRT during October 2022.

The Daily Swig reached out to WAGO and we will update this story if and when we hear back.

Advertisement. Scroll to continue reading.

Copyright 2021 Associated Press. All rights reserved.

Source: https://portswigger.net/daily-swig/wago-fixes-config-export-flaw-threatening-data-leak-from-industrial-devices

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Cyber Security

The Environmental Protection Agency cited a lack of resources and the sheer volume of critical vulnerabilities as the reasons for its inability to patch...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO