Back to overview

WAGO: Critical sudo Vulnerability in Multiple Products

VDE-2025-082
Last update
09/08/2025 09:00
Published at
09/08/2025 09:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2025-082
CSAF Document
Download

Summary

A vulnerability in sudo allows a low privileged attacker to execute commands with root rights.

Impact

The vulnerability could potentially allow low privileged users to gain complete control over a system, leading to data breaches, modification of critical system files, unauthorized access to sensitive information, and disruption of services.

Affected Product(s)

Model no. Product name Affected versions
0751-9?01 CC100 0751-9x01 WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0752-8303/8000-0002 Edge Controller 0752-8303/8000-0002 WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0750-811?-????-???? PFC100 G2 0750-811x-xxxx-xxxx WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
750-821?-????-???? PFC200 G2 750-821x-xxx-xxx WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
PFC300 0750-8302 WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-420?/8000-000? TP600 0762-420x/8000-000x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-430?/8000-000? TP600 0762-430x/8000-000x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-520?/8000-000? TP600 0762-520x/8000-000x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-530?/8000-000? TP600 0762-530x/8000-000x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-620?/8000-000? TP600 0762-620x/8000-000x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-630?/8000-000? TP600 0762-630x/8000-000x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-340? WP400 0762-340x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)

Vulnerabilities

Expand / Collapse all

Published
09/22/2025 14:57
Severity
7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness
Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
References
cve.org | nvd.nist.gov

Mitigation

Until Firmware 30 is available the vulnerability can be mitigated by installing an ipk to update sudo to 1.9.17p1. The ipk is available through the WAGO download center.

Remediation

Update to Firmware version 04.08.01 (FW30) or higher.

Revision History

Version Date Summary
1 09/08/2025 09:00 Initial revision.