Zurück zur Übersicht

WAGO: Critical sudo Vulnerability in Multiple Products

VDE-2025-082
Last update
08.09.2025 09:00
Published at
08.09.2025 09:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2025-082
CSAF Document
Download

Summary

A vulnerability in sudo allows a low privileged attacker to execute commands with root rights.

Impact

The vulnerability could potentially allow low privileged users to gain complete control over a system, leading to data breaches, modification of critical system files, unauthorized access to sensitive information, and disruption of services.

Affected Product(s)

Model no. Product name Affected versions
0750-811?-????-???? 0750-811x-xxxx-xxxx WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0750-8302 WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0751-9?01 0751-9x01 WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0752-8303/8000-0002 0752-8303/8000-0002 WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-340? 0762-340x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-420?/8000-000? 0762-420x/8000-000x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-430?/8000-000? 0762-430x/8000-000x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-520?/8000-000? 0762-520x/8000-000x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-530?/8000-000? 0762-530x/8000-000x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-620?/8000-000? 0762-620x/8000-000x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
0762-630?/8000-000? 0762-630x/8000-000x WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)
750-821?-????-???? 750-821x-xxx-xxx WAGO Firmware 04.05.10 (FW27)<04.08.01 (FW30)

Vulnerabilities

Expand / Collapse all

Published
09.02.2026 08:38
Severity
7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness
Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
Summary

Sudo before 1.9.17p1 allows low privileged local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

References
cve.org | nvd.nist.gov

Mitigation

Until Firmware 30 is available the vulnerability can be mitigated by installing an ipk to update sudo to 1.9.17p1. The ipk is available through the WAGO download center.

Remediation

Update to Firmware version 04.08.01 (FW30) or higher.

Acknowledgments

WAGO GmbH & Co. KG thanks the following parties for their efforts:

Revision History

Version Date Summary
1 08.09.2025 09:00 Initial revision.