Executive Summary

This vulnerability is a critical stack-based buffer overflow in WAGO Industrial-Managed Switches caused by unsafe sscanf calls within the check_cookie() function of the lighttpd binary. An unauthenticated remote attacker can exploit this flaw to write arbitrary data into fixed-size stack buffers, leading to full device compromise. The affected binary lacks modern security protections, making exploitation easier. [1]

Useful 0 Not Useful 0

Impact Analysis

Exploitation of this vulnerability can result in full device compromise, allowing remote code execution or denial of service. This includes the possibility of disabling the device's web interface without automatic recovery, potentially disrupting device operation and network management. [1]

Useful 0 Not Useful 0

Detection Guidance

Detection can be performed by identifying devices running vulnerable firmware versions earlier than 02.64 on WAGO Industrial-Managed Switches models 0852-1322 and 0852-1328. Since the vulnerability involves the lighttpd binary's check_cookie() function, monitoring HTTP requests for unusual or malformed cookies that might trigger the unsafe sscanf calls could help. However, no specific detection commands are provided in the available resources. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to update the device firmware to version 02.64 or later, which addresses the vulnerability. Until the update can be applied, restricting access to the affected devices' web interfaces and monitoring for suspicious activity is advisable to reduce risk. [1]

Useful 0 Not Useful 0