Summary
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
With special crafted requests it is possible to read and write some special parameters without authentication.
This vulnerability is different to advisory SAV-2020-014 / VDE-2020-028
Impact
This vulnerability allows an attacker who has access to the WBM and knowledge about the directory structure of the WBM to read and/or write a settings-parameter of the devices by sending specifically constructed requests without authentication.
This can lead to malfunction of the application after reboot.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 750-362 | 750-362 | Firmware <=FW07 |
| 750-363 | 750-363 | Firmware <=FW07 |
| 750-823 | 750-823 | Firmware <=FW07 |
| 750-832/xxx-xxx | 750-832/xxx-xxx | Firmware <=FW07 |
| 750-862 | 750-862 | Firmware <=FW07 |
| 750-890/xxx-xxx | 750-890/xxx-xxx | Firmware <=FW07 |
| 750-891 | 750-891 | Firmware <=FW07 |
| 750-893 | 750-893 | Firmware <=FW07 |
Vulnerabilities
Expand / Collapse allThis vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
Mitigation
- Restrict network access to the device.
-
Do not directly connect the device to the internet.
-
Disable unused TCP/UDP ports.
-
Disable web-based management ports 80/443 after the configuration phase
Remediation
Update the device to the latest FW version.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 08/31/2021 09:01 | initial revision |
| 2 | 11/06/2024 12:27 | Fix: correct certvde domain, fixed language setting, added self-reference |
| 3 | 02/12/2025 17:48 | Fix: corrected self-reference, fixed version |
| 4 | 05/14/2025 15:00 | Fix: added distribution |