WAGO: Multiple Vulnerabilities in I/O-Check Service

VDE-2025-080
Last update: 09.09.2025 12:00
Published at: 09.09.2025 12:00
Vendor(s): WAGO GmbH & Co. KG
External ID: VDE-2025-080

Summary

A missing authentication vulnerability exists in the iocheckd service "I/O-Check" functionality. A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

Impact

The reported vulnerability enables a remote attacker to send arbitrary commands without authentication. This could result in changes to settings, application deletion, factory resets, code execution, system crashes or denial of service. By using specially crafted IP packets, the attacker can manipulate settings and disrupt the device's basic functions, potentially gaining control of the device.

Affected Product(s)

Model no. Product name Affected versions
0750-0331 WAGO Firmware vers:all/*
0750-0332 WAGO Firmware vers:all/*
0750-0340 WAGO Firmware vers:all/*
0750-0341 WAGO Firmware vers:all/*
0750-0342 WAGO Firmware vers:all/*
0750-0352 WAGO Firmware vers:all/*
0750-0362 WAGO Firmware vers:all/*
0750-0363 WAGO Firmware vers:all/*
0750-0370 WAGO Firmware vers:all/*
0750-0375 WAGO Firmware vers:all/*
0750-0377 WAGO Firmware vers:all/*
0750-0823 WAGO Firmware vers:all/*
0750-0829 WAGO Firmware vers:all/*
0750-0831 WAGO Firmware vers:all/*
0750-0842 WAGO Firmware vers:all/*
0750-0843 WAGO Firmware vers:all/*
0750-0852 WAGO Firmware vers:all/*
0750-0860 WAGO Firmware vers:all/*
0750-0862 WAGO Firmware vers:all/*
0750-0863 WAGO Firmware vers:all/*
0750-0870 WAGO Firmware vers:all/*
0750-0871 WAGO Firmware vers:all/*
0750-0872 WAGO Firmware vers:all/*
0750-0880 WAGO Firmware vers:all/*
0750-0881 WAGO Firmware vers:all/*
0750-800? 0750-800x WAGO Firmware vers:all/*
0750-810?/????-???? 0750-810x/xxxx-xxxx WAGO Firmware vers:all/*
0750-811?-????-???? 0750-811x-xxxx-xxxx WAGO Firmware vers:all/*
0751-9?01 0751-9x01 WAGO Firmware vers:all/*
0752-8303/8000-0002 0752-8303/8000-0002 WAGO Firmware vers:all/*
0762-420?/8000-000? 0762-420x/8000-000x WAGO Firmware vers:all/*
0762-430?/8000-000? 0762-430x/8000-000x WAGO Firmware vers:all/*
0762-520?/8000-000? 0762-520x/8000-000x WAGO Firmware vers:all/*
0762-530?/8000-000? 0762-530x/8000-000x WAGO Firmware vers:all/*
0762-620?/8000-000? 0762-620x/8000-000x WAGO Firmware vers:all/*
0762-630?/8000-000? 0762-630x/8000-000x WAGO Firmware vers:all/*
750-820?-????-???? 750-820x-xxx-xxx WAGO Firmware vers:all/*
750-821?-????-???? 750-821x-xxx-xxx WAGO Firmware vers:all/*

Vulnerabilities

Published: 09.02.2026 08:38
Weakness: Missing Authentication for Critical Function (CWE-306)
Summary

An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

References

Mitigation

The I/O-Check service protocol is only needed during installation and commissioning, not during normal operation. It is highly recommended to disable IP port 6626 after commissioning.
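
One way to check that this recommendation holds in practice, as an added example that is not part of the advisory or of WAGO's tooling: the Python below audits firewall flow records for traffic to port 6626 that falls outside commissioning. The engineering subnet, sign-off dates, CSV layout and sample records are constructed assumptions.

```python
import csv
import io
import ipaddress
from datetime import datetime

IOCHECK_PORT = 6626  # port named in the advisory's mitigation

# Assumed site policy (hypothetical values): I/O-Check traffic is legitimate only
# from the engineering subnet and only before a device's commissioning sign-off.
ENGINEERING_NET = ipaddress.ip_network("10.20.0.0/28")
SIGNED_OFF = {"10.30.1.11": datetime(2025, 6, 1), "10.30.1.12": datetime(2025, 9, 20)}

# Constructed flow records; the CSV layout is an assumption, not a product format.
SAMPLE_FLOWS = """\
ts,src,dst,dport,action
2025-05-20T09:14:00,10.20.0.5,10.30.1.11,6626,allow
2025-09-10T02:41:07,10.20.0.5,10.30.1.11,6626,allow
2025-09-10T02:43:19,192.168.77.40,10.30.1.12,6626,allow
2025-09-10T02:44:02,192.168.77.40,10.30.1.12,502,allow
2025-09-25T11:00:00,192.168.77.40,10.30.1.12,6626,deny
2025-09-26T08:30:00,10.20.0.9,10.30.1.99,6626,allow
"""

def audit_iocheck_flows(flow_csv):
    """Return (ts, src, dst, outcome, reasons) for each policy-violating flow."""
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["dport"]) != IOCHECK_PORT:
            continue
        reasons = []
        if ipaddress.ip_address(row["src"]) not in ENGINEERING_NET:
            reasons.append("source outside engineering subnet")
        signed_off = SIGNED_OFF.get(row["dst"])
        if signed_off is None:
            reasons.append("device not in commissioning inventory")
        elif datetime.fromisoformat(row["ts"]) >= signed_off:
            reasons.append("after commissioning sign-off")
        if not reasons:
            continue
        # An allowed flow means the port was still reachable on the device.
        outcome = "reached-device" if row["action"] == "allow" else "blocked-attempt"
        findings.append((row["ts"], row["src"], row["dst"], outcome, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for finding in audit_iocheck_flows(SAMPLE_FLOWS):
        print(*finding, sep="  ")
```

A "reached-device" finding for a signed-off device means port 6626 was not disabled there, or the firewall still passes it.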

Acknowledgments

WAGO GmbH & Co. KG thanks the following parties for their efforts:

Revision History

Version Date Summary
1 09.09.2025 12:00 Initial revision.