Back to overview

WAGO: Vulnerabilities in CODESYS Control

VDE-2025-008
Last update
05/14/2025 15:00
Published at
02/04/2025 12:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2025-008
CSAF Document
Download

Summary

The following firmware versions installed on several devices are are vulnerable due to a vulnerability in CODESYS Control.

Impact

The CODESYS Control runtime system allows devices to function as programmable industrial controllers, accessing IOs, communication interfaces, and system functions. An authenticated attacker could exploit a vulnerability to inject OS shell function calls via the SysFile or CAA file system libraries.

Affected Product(s)

Model no. Product name Affected versions
0751-9?01 WAGO CC100 0751/9x01 WAGO Firmware <04.05.10 (FW27), Custom Firmware <04.06.03(70)
0752-8303/8000-0002 WAGO Edge Controller 0752-8303/8000-0002 Custom Firmware <04.06.01(70), WAGO Firmware <04.05.10 (FW27)
0750-810?/????-???? WAGO PFC100 G1 0750-810x/xxxx-xxxx WAGO Firmware <03.10.11 (FW22 Patch 2), Custom Firmware <03.10.11(70)
0750-811?-????-???? WAGO PFC100 G2 0750-811x/xxxx-xxxx Custom Firmware <04.06.01(70), WAGO Firmware <04.05.10 (FW27)
750-820?-????-???? WAGO PFC200 G1 0750-820x/xxx-xxx Custom Firmware <03.10.11(70), WAGO Firmware <03.10.11 (FW22 Patch 2)
750-821?-????-???? WAGO PFC200 G2 0750-821x/xxx-xxx Custom Firmware <04.06.01(70), WAGO Firmware <04.05.10 (FW27)
0762-420?/8000-000? WAGO TP600 0762-420x/8000-000x WAGO Firmware <04.05.10 (FW27), Custom Firmware <04.06.01(70)
0762-430?/8000-000? WAGO TP600 0762-430x/8000-000x Custom Firmware <04.06.01(70), WAGO Firmware <04.05.10 (FW27)
0762-520?/8000-000? WAGO TP600 0762-520x/8000-000x Custom Firmware <04.06.01(70), WAGO Firmware <04.05.10 (FW27)
0762-530?/8000-000? WAGO TP600 0762-530x/8000-000x WAGO Firmware <04.05.10 (FW27), Custom Firmware <04.06.01(70)
0762-620?/8000-000? WAGO TP600 0762-620x/8000-000x WAGO Firmware <04.05.10 (FW27), Custom Firmware <04.06.01(70)
0762-630?/8000-000? WAGO TP600 0762-630x/8000-000x WAGO Firmware <04.05.10 (FW27), Custom Firmware <04.06.01(70)

Vulnerabilities

Expand / Collapse all

Published
09/22/2025 14:57
Severity
8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

References
cve.org | nvd.nist.gov

Mitigation

The vulnerability is only exploitable if the an attacker has successfully logged in with according user rights. To prevent attackers from exploiting the vulnerability it is recommend to change the standard password in the web based management.

Remediation

Update to Firmware version 27, Firmware 22 Patch 2. For the latest Custom Firmware version please contact the WAGO support.

Revision History

Version Date Summary
1 02/04/2025 12:00 Initial release.
2 02/19/2025 14:30 Update: fixed typo in Vendor fix, fixed version
3 05/14/2025 15:00 Fix: added distribution