
ID

VDE-2025-008

Published

2025-02-04 12:00 (CET)

Last update

2025-02-04 08:28 (CET)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Product Name     Article No.          Affected Version(s)
CC100            0751/9x01            < 4.5.10 (FW27)
CC100            0751/9x01            < 04.06.03 (70)
Edge Controller  0752-8303/8000-0002  < 4.5.10 (FW27)
Edge Controller  0752-8303/8000-0002  < 04.06.03 (70)
PFC100 G1        0750-810x/xxxx-xxxx  < 3.10.11 (FW22)
PFC100 G1        0750-810x/xxxx-xxxx  < 03.10.11 (70)
PFC100 G2        0750-811x/xxxx-xxxx  < 4.5.10 (FW27)
PFC100 G2        0750-811x/xxxx-xxxx  < 04.06.03 (70)
PFC200 G1        0750-820x/xxx-xxx    < 3.10.11 (FW22)
PFC200 G1        0750-820x/xxx-xxx    < 03.10.11 (70)
PFC200 G2        0750-821x/xxx-xxx    < 4.5.10 (FW27)
PFC200 G2        0750-821x/xxx-xxx    < 04.06.03 (70)
TP600            0762-420x/8000-000x  < 4.5.10 (FW27)
TP600            0762-420x/8000-000x  < 04.06.03 (70)
TP600            0762-430x/8000-000x  < 4.5.10 (FW27)
TP600            0762-430x/8000-000x  < 04.06.03 (70)
TP600            0762-520x/8000-000x  < 4.5.10 (FW27)
TP600            0762-520x/8000-000x  < 04.06.03 (70)
TP600            0762-530x/8000-000x  < 4.5.10 (FW27)
TP600            0762-530x/8000-000x  < 04.06.03 (70)
TP600            0762-620x/8000-000x  < 4.5.10 (FW27)
TP600            0762-620x/8000-000x  < 04.06.03 (70)
TP600            0762-630x/8000-000x  < 4.5.10 (FW27)
TP600            0762-630x/8000-000x  < 04.06.03 (70)

Summary

The following firmware versions installed on several devices are vulnerable due to a vulnerability in CODESYS Control.


Last Update:

30. August 2024 09:27

Weakness

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Summary

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries, which could give the attacker full control of the device.


Impact

The CODESYS Control runtime system allows devices to function as programmable industrial controllers, accessing IOs, communication interfaces, and system functions. An authenticated attacker could exploit a vulnerability to inject OS shell function calls via the SysFile or CAA file system libraries.

Solution

Mitigation

The vulnerability is only exploitable if an attacker has successfully logged in with the corresponding user rights. To prevent attackers from exploiting the vulnerability, it is recommended to change the standard password in the web-based management.

Remediation

Update to Firmware version 27, Firmware 22 Patch. For the latest Custom Firmware version please contact the WAGO support.

Reported by

CERT@VDE coordinated with WAGO