CVE-2022-45140: The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

Affected

35 ranges· showing 25

Vendor	Product	Version range	Fixed in
wago	751-9301_firmware	—	—
wago	751-9301_firmware	—	—
wago	751-9301_firmware	>= 16 < 22	22
wago	752-8303_8000-002_firmware	—	—
wago	752-8303_8000-002_firmware	—	—
wago	752-8303_8000-002_firmware	>= 18 < 22	22
wago	compact_controller_cc100	—	—
wago	compact_controller_cc100	>= FW16 < FW22	FW22
wago	edge_controller	—	—
wago	edge_controller	>= FW16 < FW22	FW22
wago	pfc100	—	—
wago	pfc100	>= FW16 < FW22	FW22
wago	pfc100_firmware	—	—
wago	pfc100_firmware	—	—
wago	pfc100_firmware	>= 16 < 22	22
wago	pfc200	—	—
wago	pfc200	>= FW16 < FW22	FW22
wago	pfc200_firmware	—	—
wago	pfc200_firmware	—	—
wago	pfc200_firmware	>= 16 < 22	22
wago	touch_panel_600_advanced_firmware	—	—
wago	touch_panel_600_advanced_firmware	—	—
wago	touch_panel_600_advanced_firmware	>= 16 < 22	22
wago	touch_panel_600_advanced_line	—	—
wago	touch_panel_600_advanced_line	>= FW16 < FW22	FW22