CVE-2022-3738— WAGO: Missing authentication for config export functionality in multiple products

WAGO: Missing authentication for config export functionality in multiple products

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

关键功能的认证机制缺失

WAGO 访问控制错误漏洞

WAGO 750-88x Series等都是德国万可（WAGO）公司的产品。WAGO 750-88x Series是一款750-88x系列可编程逻辑控制器。WAGO 750-87x Series是一款750-87x系列可编程逻辑控制器。WAGO Series PFC100是一款可编程逻辑控制器。 WAGO 存在访问控制错误漏洞，攻击者可利用该漏洞允许未经身份验证的远程攻击者下载备份文件。

N/A

N/A