| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 750-362 | <= FW03 | |
| 750-363 | <= FW03 | |
| 750-823 | <= FW03 | |
| 750-832/xxx-xxx | <= FW03 | |
| 750-862 | <= FW03 | |
| 750-890/xxx-xxx | <= FW03 | |
| 750-891 | <= FW03 |
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
With special crafted requests it is possible to change some special parameters without authentication.
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362 version FW03 and prior versions. WAGO 750-363 version FW03 and prior versions. WAGO 750-823 version FW03 and prior versions. WAGO 750-832/xxx-xxx version FW03 and prior versions. WAGO 750-862 version FW03 and prior versions. WAGO 750-891 version FW03 and prior versions. WAGO 750-890/xxx-xxx version FW03 and prior versions.
This vulnerability allows an attacker who has access to the WBM and knowledge about the directory structure from the WBM to change the parameter setting of the devices by sending specifically constructed requests without authentication.
This can lead to malfunction of the application after reboot.
Update affected devices to version > FW03
| Product | Fixed Versions |
| 750-362 | > FW03 |
| 750-363 | > FW03 |
| 750-823 | > FW03 |
| 750-832/xxx-xxx | > FW03 |
| 750-862 | > FW03 |
| 750-891 | > FW03 |
| 750-890/xxx-xxx | > FW03 |
Mitigation
Maxim Rupp reported this vulnerability to WAGO.
CERT@VDE coordinated.