Summary
Two remote stack buffer overflow vulnerabilities were discovered in WAGO industrial switches. These issues originate from unsafe input handling in custom HTTP request parsing functions within the lighttpd binary. The affected binary lacks modern security features such as PIE and RELRO, increasing the risk of successful exploitation.
Impact
The vulnerabilities are exploitable without authentication and may allow remote code execution or cause denial of service. Exploitation can disable the web interface until manual intervention, as no automatic recovery mechanisms are in place.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 0852-1322 | Industrial-Managed-Switches | Firmware <02.64 |
| 0852-1328 | Industrial-Managed-Switches | Firmware <02.64 |
Vulnerabilities
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.
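The bug class behind both entries, unbounded sscanf conversions into fixed-size stack buffers, is shown here from the fixing side as an added example. It is not WAGO's firmware code, which the advisory does not publish. The `Cookie: sid=` layout, the name `parse_sid` and the 31-byte limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SID_LEN 31                 /* assumed limit; the advisory gives no sizes */
#define STR_(x) #x
#define STR(x) STR_(x)

/* Unsafe pattern of the kind described (hypothetical, not the firmware's code):
 *     char sid[SID_LEN + 1];
 *     sscanf(hdr, "Cookie: sid=%s", sid);    // no field width: unbounded write
 */

/* Hardened form: width-limited conversion, allow-listed characters, and
 * rejection (not silent truncation) of over-long values.
 * Returns 0 and fills out on success, -1 on malformed or over-long input. */
int parse_sid(const char *hdr, char out[SID_LEN + 1])
{
    char tmp[SID_LEN + 1];
    int used = 0;

    if (hdr == NULL)
        return -1;
    /* %31[...] stores at most 31 bytes plus NUL; %n records bytes consumed. */
    if (sscanf(hdr, "Cookie: sid=%" STR(SID_LEN) "[A-Za-z0-9]%n", tmp, &used) != 1)
        return -1;
    /* The value must end at a delimiter; anything else means it was too
     * long or contained a character outside the allow-list. */
    char next = hdr[used];
    if (next != '\0' && next != ';' && next != '\r' && next != '\n')
        return -1;
    memcpy(out, tmp, strlen(tmp) + 1);
    return 0;
}

int main(void)
{
    char sid[SID_LEN + 1];
    /* Constructed sample headers, not captured traffic. */
    const char *ok = "Cookie: sid=abc123; lang=en";
    const char *bad = "Cookie: sid=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    printf("ok  -> %d\n", parse_sid(ok, sid));
    printf("bad -> %d\n", parse_sid(bad, sid));
    return 0;
}
```

Deriving the field width from the same macro that sizes the buffer keeps the two from drifting apart when one is changed.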
Remediation
Please update your devices to the specified fixed firmware version 02.64.
Acknowledgments
WAGO GmbH & Co. KG thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com)
- Daniel Hulliger from The Cyber-Defence Campus of armasuisse S+T for reporting
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 10.12.2025 11:00 | Initial release. |