Zurück zur Übersicht

WAGO: Multiple Vulnerabilities in CODESYS components

VDE-2025-062
Last update
03.11.2025 12:00
Published at
03.11.2025 12:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2025-062
CSAF Document
Download

Summary

Several WAGO firmwares installed on different devices are impacted by various CODESYS vulnerabilities. These affect the runtime, visualization, and OPC UA server.

Impact

CVE-2025-0694:
The used OPC UA protocol supports an outdated RSA encryption scheme. This allows an unauthenticated attacker to compromise the private key of the OPC UA server and bypass authentication or decrypt transmitted data.

CVE-2025-1468:
On a device with an executed Visualization an unauthenticated attacker can access static visualization files like texts or images via the web browser.

CVE-2025-2595:
Through the SysFile component (included by the CODESYS Control runtime system) an authenticated user is able to access the local file system. An authenticated attacker could use this to set a whitelist that gives access to paths inside or outside the default directory. This is possible by using placeholder similar to environmental variables.

Affected Product(s)

Model no. Product name Affected versions
Basic Controller 0750-800x Firmware <01.05.01
0751-9?01 CC100 0751-9x01 Custom Firmware <04.08.01 (70), Firmware <04.08.01 (FW30)
0752-8303/8000-0002 Edge Controller 0752-8303/8000-0002 Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70)
0750-810?/????-???? PFC100 G1 0750-810x/xxxx-xxxx Firmware <3.10.11 (FW22 Patch 2)
0750-811?-????-???? PFC100 G2 0750-811x-xxxx-xxxx Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70)
750-820?-????-???? PFC200 G1 750-820x-xxx-xxx Firmware <3.10.11 (FW22 Patch 2)
750-821?-????-???? PFC200 G2 750-821x-xxx-xxx Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70)
0762-420?/8000-000? TP600 0762-420x/8000-000x Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70)
0762-430?/8000-000? TP600 0762-430x/8000-000x Custom Firmware <04.08.01 (70), Firmware <04.08.01 (FW30)
0762-520?/8000-000? TP600 0762-520x/8000-000x Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70)
0762-530?/8000-000? TP600 0762-530x/8000-000x Custom Firmware <04.08.01 (70), Firmware <04.08.01 (FW30)
0762-620?/8000-000? TP600 0762-620x/8000-000x Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70)
0762-630?/8000-000? TP600 0762-630x/8000-000x Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70)

Vulnerabilities

Expand / Collapse all

Published
03.11.2025 08:00
Severity
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness
Observable Discrepancy (CWE-203)
References
cve.org | nvd.nist.gov

Published
03.11.2025 08:00
Severity
6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
References
cve.org | nvd.nist.gov

Published
03.11.2025 08:00
Severity
5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness
Direct Request ('Forced Browsing') (CWE-425)
References
cve.org | nvd.nist.gov

Remediation

Update to Firmware version 04.08.01 (FW30), 03.10.11 (FW22 Patch 2) or 01.05.01. For the latest Custom Firmware please contact the WAGO support.

Acknowledgments

WAGO GmbH & Co. KG thanks the following parties for their efforts:

Revision History

Version Date Summary
1 03.11.2025 12:00 Release version.