WAGO: Vulnerability in hardware switch circuit

VDE-2025-083

Last update

15.09.2025 10:00

Published at

15.09.2025 10:00

Vendor(s)

WAGO GmbH & Co. KG

External ID

VDE-2025-083

CSAF Document

Download

Summary

The vulnerability in the Ethernet switch circuit is caused by a PullUp resistor at the reset input, leading to premature activation and undefined operation. Switching to a PullDown resistor keeps the switch in reset. This issue affects the CC100, the Touch Panels 600 and the Edge Controller.

Impact

The vulnerability causes the Ethernet switch to operate in an undefined state due to early activation, leading to unstable system behavior and potential connectivity issues.

Affected Product(s)

Model no.	Product name	Affected versions
	0751-9301	WAGO Firmware <04.08.05 (FW30)
	0751-9301/K000-0005	WAGO Firmware <04.08.05 (FW30)
	0751-9401	WAGO Firmware <04.08.05 (FW30)
	0751-9402	WAGO Firmware <04.08.05 (FW30)
	0751-9402/0000-0001	WAGO Firmware <04.08.05 (FW30)
	0751-9403	WAGO Firmware <04.08.05 (FW30)
	0752-8303/8000-0002	WAGO Firmware <04.08.05 (FW30)
	0762-4101	WAGO Firmware <04.08.05 (FW30)
	0762-4102	WAGO Firmware <04.08.05 (FW30)
	0762-4103	WAGO Firmware <04.08.05 (FW30)
	0762-4104	WAGO Firmware <04.08.05 (FW30)
	0762-4201/8000-0001	WAGO Firmware <04.08.05 (FW30)
	0762-4201/8000-0002	WAGO Firmware <04.08.05 (FW30)
	0762-4202/8000-0001	WAGO Firmware <04.08.05 (FW30)
	0762-4301/8000-0002	WAGO Firmware <04.08.05 (FW30)
	0762-4302/8000-0002	WAGO Firmware <04.08.05 (FW30)
	0762-4303/8000-0002	WAGO Firmware <04.08.05 (FW30)
	0762-4304/8000-0002	WAGO Firmware <04.08.05 (FW30)
	0762-4305/8000-0002	WAGO Firmware <04.08.05 (FW30)
	0762-4306/8000-0002	WAGO Firmware <04.08.05 (FW30)
	0762-5201/8000-0001	WAGO Firmware <04.08.05 (FW30)
	0762-5202/8000-0001	WAGO Firmware <04.08.05 (FW30)
	0762-5203/8000-0001	WAGO Firmware <04.08.05 (FW30)
	0762-5204/8000-0001	WAGO Firmware <04.08.05 (FW30)
	0762-5204/8000-0001	WAGO Firmware <04.08.05 (FW30)
	0762-5205/8000-0001	WAGO Firmware <04.08.05 (FW30)
	0762-5206/8000-0001	WAGO Firmware <04.08.05 (FW30)

Vulnerabilities

Expand / Collapse all

Published

09.02.2026 08:37

Severity

6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Weakness

Initialization of a Resource with an Insecure Default (CWE-1188)

Summary

During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration.

References

cve.org | nvd.nist.gov

Remediation

To address this vulnerability, it is recommended to utilize a newer hardware revision equipped with Firmware 04.08.05 (FW30). This firmware version is designed to resolve the issue by properly managing the switch activation and configuration process on the revised hardware. It is important to note that older firmware versions will not resolve the problem on the new hardware revision, and therefore upgrading both the hardware and firmware is necessary for an effective remediation.

Acknowledgments

WAGO GmbH & Co. KG thanks the following parties for their efforts:

CERT@VDE for coordination (see https://certvde.com )

Revision History

Version	Date	Summary
1.0.0	15.09.2025 10:00	Initial revision.

WAGO: Vulnerability in hardware switch circuit

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2025-41713 6.5

Remediation

Acknowledgments

Revision History