Cisco Talos discovered 41 vulnerabilities in WAGO’s PFC200 and PFC100 controllers. The vulnerabilities can be combined in two distinct attack chains that result in the ability to gain root privileges on the device. The attack originates from a trusted cloud provider but the cloud instance itself is attacker-controlled. These vulnerabilities are identified as TALOS-2019-0948 through TALON 2019-0950 (Cisco Talos) The vulnerabilities were resolved and that a firmware update is available for affected customers.”]
Source: https://blog.talosintelligence.com/2020/10/vulnerability-spotlight-deep-dive-into.html