WAGO: Multiple Vulnerabilities in CODESYS components

VDE-2025-062
Last update
03.11.2025 12:00
Published at
03.11.2025 12:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2025-062

Summary

Several WAGO firmware versions installed on different devices are impacted by various CODESYS vulnerabilities. These affect the runtime, visualization, and OPC UA server.

Impact

CVE-2025-0694:
The OPC UA protocol in use supports an outdated RSA encryption scheme. This allows an unauthenticated attacker to compromise the private key of the OPC UA server and bypass authentication or decrypt transmitted data.

CVE-2025-1468:
On a device running a Visualization, an unauthenticated attacker can access static visualization files such as texts or images via the web browser.

CVE-2025-2595:
Through the SysFile component (included in the CODESYS Control runtime system), an authenticated user is able to access the local file system. An authenticated attacker could use this to set a whitelist that gives access to paths inside or outside the default directory. This is possible by using placeholders similar to environment variables.

Affected Product(s)

| Model no. | Product name | Affected versions |
|---|---|---|
| | 0750-800x | Firmware <01.05.01 |
| 0750-810?/????-???? | 0750-810x/xxxx-xxxx | Firmware <3.10.11 (FW22 Patch 2) |
| 0750-811?-????-???? | 0750-811x-xxxx-xxxx | Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70) |
| 0751-9?01 | 0751-9x01 | Custom Firmware <04.08.01 (70), Firmware <04.08.01 (FW30) |
| 0752-8303/8000-0002 | 0752-8303/8000-0002 | Custom Firmware <04.08.01 (70), Firmware <04.08.01 (FW30) |
| 0762-420?/8000-000? | 0762-420x/8000-000x | Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70) |
| 0762-430?/8000-000? | 0762-430x/8000-000x | Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70) |
| 0762-520?/8000-000? | 0762-520x/8000-000x | Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70) |
| 0762-530?/8000-000? | 0762-530x/8000-000x | Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70) |
| 0762-620?/8000-000? | 0762-620x/8000-000x | Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70) |
| 0762-630?/8000-000? | 0762-630x/8000-000x | Custom Firmware <04.08.01 (70), Firmware <04.08.01 (FW30) |
| 750-820?-????-???? | 750-820x-xxx-xxx | Firmware <3.10.11 (FW22 Patch 2) |
| 750-821?-????-???? | 750-821x-xxx-xxx | Firmware <04.08.01 (FW30), Custom Firmware <04.08.01 (70) |

Vulnerabilities

Published
09.02.2026 08:37
Weakness
Observable Discrepancy (CWE-203)
Summary

An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy.

References

Published
09.02.2026 08:38
Weakness
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Summary

Insufficient path validation in CODESYS Control allows low-privileged attackers with physical access to gain full filesystem access.

References

Published
09.02.2026 15:51
Weakness
Direct Request ('Forced Browsing') (CWE-425)
Summary

An unauthenticated remote attacker can bypass the user management in the CODESYS Visualization and read visualization template files or static elements of the CODESYS WebVisu by means of forced browsing.

References

Remediation

Update to Firmware version 04.08.01 (FW30), 03.10.11 (FW22 Patch 2) or 01.05.01. For the latest Custom Firmware, please contact WAGO support.
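
An inventory check against the affected-versions table and the fixed versions above, as an added example that is not part of the advisory or any WAGO tooling. It assumes each inventory row carries a model number and a standard firmware version string, treats the "x" in "0750-800x" as a one-character wildcard, and does not cover Custom Firmware; the inventory rows are constructed.

```python
from fnmatch import fnmatchcase

# (model pattern, first fixed standard firmware) taken from the affected
# products table; "?" matches one character. Assumption: the "x" in
# "0750-800x" is the same wildcard. Custom Firmware is not covered here.
FIXED = [
    ("0750-800?", "01.05.01"),
    ("0750-810?/????-????", "3.10.11"),
    ("0750-811?-????-????", "04.08.01"),
    ("0751-9?01", "04.08.01"),
    ("0752-8303/8000-0002", "04.08.01"),
    ("0762-420?/8000-000?", "04.08.01"),
    ("0762-430?/8000-000?", "04.08.01"),
    ("0762-520?/8000-000?", "04.08.01"),
    ("0762-530?/8000-000?", "04.08.01"),
    ("0762-620?/8000-000?", "04.08.01"),
    ("0762-630?/8000-000?", "04.08.01"),
    ("750-820?-????-????", "3.10.11"),
    ("750-821?-????-????", "04.08.01"),
]

def parse_version(text):
    """'04.08.01 (FW30)' -> (4, 8, 1); labels after the number are ignored."""
    return tuple(int(part) for part in text.split()[0].split("."))

def status(model, firmware):
    """Return 'affected', 'fixed' or 'not listed' for one inventory row."""
    for pattern, fixed in FIXED:
        if fnmatchcase(model, pattern):
            if parse_version(firmware) < parse_version(fixed):
                return "affected"
            return "fixed"
    return "not listed"

# Constructed inventory rows (model, installed firmware), not real devices.
INVENTORY = [
    ("0750-8101/0025-0000", "03.10.10"),
    ("750-8212-0000-0000", "04.08.01 (FW30)"),
    ("0751-9301", "04.06.03"),
    ("0750-8001", "01.05.01"),
    ("0750-0362", "01.02.03"),
]

def report(rows=INVENTORY):
    return [(m, fw, status(m, fw)) for m, fw in rows]

if __name__ == "__main__":
    for row in report():
        print(*row, sep="\t")
```

Versions are compared numerically per component, so "3.10.11" in the table and "03.10.11" in the remediation text are treated as the same release.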

Acknowledgments

WAGO GmbH & Co. KG thanks the following parties for their efforts:

Revision History

| Version | Date | Summary |
|---|---|---|
| 1 | 03.11.2025 12:00 | Release version. |