Back to overview

Wago: Vulnerability in libwagosnmp

VDE-2025-004
Last update
04/10/2025 15:00
Published at
03/05/2025 12:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2025-004
CSAF Document
Download

Summary

Nozomi Networks reported a vulnerability in the pfc firmware sdk-G2 of libwagosnmp. The WAGO pfc-firmware-sdk-G2 is a software development kit designed for WAGO PFC devices which allows developers to build and customize the firmware.

Impact

If the requested memory size could not be allocated by the underlying operating system, the application uses an invalid memory area. This could lead to a crash of the application.

Affected Product(s)

Model no. Product name Affected versions
0751-9?01 CC100 0751-9x01 WAGO Firmware <04.07.01 (FW29), Custom Firmware <04.07.01 (70)
0752-8303/8000-0002 Edge Controller 0752-8303/8000-0002 Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29)
0750-810?/????-???? PFC100 G1 0750-810x/xxxx-xxxx WAGO Firmware <3.10.11 (FW22 Patch 2), Custom Firmware <03.10.11 (70)
0750-811?-????-???? PFC100 G2 0750-811x-xxxx-xxxx Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29)
750-820?-????-???? PFC200 G1 750-820x-xxx-xxx Custom Firmware <03.10.11 (70), WAGO Firmware <3.10.11 (FW22 Patch 2)
750-821?-????-???? PFC200 G2 750-821x-xxx-xxx Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29)
0762-420?/8000-000? TP600 0762-420x/8000-000x WAGO Firmware <04.07.01 (FW29), Custom Firmware <04.07.01 (70)
0762-430?/8000-000? TP600 0762-430x/8000-000x Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29)
0762-520?/8000-000? TP600 0762-520x/8000-000x Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29)
0762-530?/8000-000? TP600 0762-530x/8000-000x WAGO Firmware <04.07.01 (FW29), Custom Firmware <04.07.01 (70)
0762-620?/8000-000? TP600 0762-620x/8000-000x WAGO Firmware <04.07.01 (FW29), Custom Firmware <04.07.01 (70)
0762-630?/8000-000? TP600 0762-630x/8000-000x WAGO Firmware <04.07.01 (FW29), Custom Firmware <04.07.01 (70)

Vulnerabilities

Expand / Collapse all

Published
09/22/2025 14:57
Severity
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Weakness
Unchecked Return Value (CWE-252)
Summary

An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications.

References
cve.org | nvd.nist.gov

Remediation

Update to Firmware 4.7.1 (FW29), Firmware 03.10.11. For the latest Custom Firmware, please contact the WAGO support.

Revision History

Version Date Summary
1 03/05/2025 12:00 Initial release.
2 04/10/2025 15:00 Fixed csaf reference URL