CVE-2022-50926

CRITICAL

WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50926. PoCs published by Momen Eldawakhly.

AI-analyzed exploit summary: This exploit demonstrates a privilege escalation vulnerability in WAGO 750-8212 PFC200 G2 2ETH RS by manipulating the user cookie to change the role from 'user' to 'admin'. The attack involves modifying the JSON-encoded user data in the cookie to escalate privileges without authentication.

Description

WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication.

Exploits (1)

exploitdb WORKING POC
by Momen Eldawakhly · text · remote · hardware
https://www.exploit-db.com/exploits/50793

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17)
No auth needed
Prerequisites: Access to a valid session cookie · Network access to the target device
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/50793
Various Sources product
https://www.wago.com

Scores

CVSS v3 9.8
EPSS 0.0048
EPSS Percentile 37.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-565
Status published
Products (1)
Wago/WAGO 750-8212 PFC200 Firmware version 03.05.10(17)
Published Jan 13, 2026
Tracked Since Feb 18, 2026