CVE-2022-50926
Unknown Unknown - Not Provided
Privilege Escalation via Session Cookie Manipulation in WAGO PFC200 Firmware

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50926
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wago 750-8212_pfc200_g2_2eth_rs 03.05.10(17)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-565 The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the WAGO 750-8212 PFC200 G2 2ETH RS device firmware, allowing attackers to escalate their privileges from a normal user to an administrator by manipulating the user session cookies. Specifically, attackers can modify the 'name' and 'roles' parameters within the cookie to gain administrative access without authentication. This occurs due to insufficient validation and integrity checking of the session cookies in the device's web interface. [2, 3]

Impact Analysis

An attacker exploiting this vulnerability can gain unauthorized administrative access to the WAGO device remotely. This means they can control the device, potentially altering configurations, disrupting operations, or accessing sensitive information. Since no authentication is required to escalate privileges, the risk of compromise is high, leading to significant security impacts on confidentiality, integrity, and availability of the device and its managed systems. [2, 3]

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests to the device's web management interface and inspecting session cookies for unauthorized modifications. Specifically, look for cookies where the 'name' parameter is set to 'admin' and the 'roles' array includes 'admin' privileges, which indicates privilege escalation attempts. A practical approach is to capture HTTP traffic (e.g., using tools like tcpdump or Wireshark) and filter for requests to the device's web interface (such as GET /wbm/ HTTP/1.1). Commands like 'tcpdump -i <interface> -A port 80' or 'tcpdump -i <interface> -A host <device_ip> and port 80' can be used to capture HTTP traffic. Then, inspect the Cookie headers for suspicious modifications. Additionally, web proxy tools like Burp Suite or browser developer tools can be used to analyze and manipulate cookies to verify the vulnerability. [2, 3]

Mitigation Strategies

Immediate mitigation steps include restricting network access to the device's web management interface to trusted users only, implementing network-level controls such as firewalls or VPNs, and monitoring for suspicious cookie modifications. Since the vulnerability arises from insecure session cookie handling, applying any available firmware updates or patches from the vendor is critical. If no patch is available, consider disabling remote web management or using alternative secure management methods until a fix is applied. Additionally, educating users about the risk and monitoring logs for unauthorized access attempts can help reduce exposure. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50926. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart