VDE-2022-009 — Vulnetix

VDE-2022-009 PUBLISHED CVSS 7.800000190734863 HIGH

The Linux kernel starting from 5.8 has a flaw which can lead to privilege escalation for a local user. The kernel is used in several Versions of the FW of several WAGO products. All vulnerable PLCs are listed in chapter 'Affected Products'.

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
	Firmware 03.08.07(20)<=03.08.08(20)
	762-6xxx
	751-9301
	Firmware 03.09.05(21)
	752-8303/8000-002
	762-4xxx
	Firmware 03.07.19(19)
	Firmware 03.09.04(21)
	Firmware 03.07.14(19)<=03.08.08(20)
	750-81xx/xxx-xxx
	750-82xx/xxx-xxx
	Firmware 03.07.14(19)<=03.07.18(19)
	762-5xxx
	750-8217/xxx-xxx

Timeline

Apr 6, 2022 CVE Published
Dec 27, 2024 PoC Published
Feb 13, 2025 PoC Published
Mar 28, 2025 PoC Published
May 12, 2025 PoC Published
May 22, 2025 CVE Updated

References

https://certvde.com/en/advisories/VDE-2022-009/ advisory
https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-009.json advisory
https://www.wago.com/psirt url
https://certvde.com/en/advisories/vendor/wago/ url

Open in Interactive Console →