WAGO: PFC200 Access to files outside the home directory
Description
On WAGO PFC200 devices in different firmware versions, an authorised attacker with network access to the device can use specially crafted packets to access the file system with higher privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated attacker with network access can leverage specially crafted packets to gain higher privileges and access the filesystem on WAGO PFC200 devices.
Vulnerability
An authenticated attacker with network access to WAGO PFC200 devices can send specially crafted packets to exploit a vulnerability in multiple firmware versions. The flaw allows the attacker to bypass normal access controls and gain file system access with elevated privileges. The exact affected firmware versions are not explicitly listed in the available references, but the advisory from the vendor indicates the issue affects WAGO PFC200 devices running various firmware versions [1].
Exploitation
The attacker must have network access to the target device and valid authentication credentials. No user interaction is required. By sending specially crafted network packets to the device, the attacker can trigger the vulnerability. The precise protocol or service targeted is not specified in the current references, but the attack vector is network-based and requires the attacker to be on a network that can reach the device's services [1].
Impact
Successful exploitation allows the attacker to access the device's file system with higher privileges than intended. This could lead to reading, modifying, or deleting sensitive files, potentially compromising the device's integrity and confidentiality. The scope of the compromise is limited to the device itself, but given that PFC200 devices are often used in industrial control systems, this could have wider operational impacts [1].
Mitigation
No fixed version or specific workaround is disclosed in the available references. The advisory recommends that users apply the latest firmware update from WAGO's official support channels. If no patch is available, users should restrict network access to the device to trusted hosts only, and ensure strong authentication credentials are used [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- WAGO/Series Ethernet Controller (v5), Range: 750-8202/xxx-xxx
- WAGO/Series PFC200 Controller (v5), Range: 750-823
Patches
No patches discovered yet.
References
- [1] cert.vde.com/en-us/advisories/vde-2021-014 (mitre, x_refsource_CONFIRM)