Summary
The Web-Based Management (WBM) of WAGO's programmable logic controllers (PLCs) is typically used for administration, commissioning, and updates.
The ability to change the configuration data via tools or the web-based management enabled attackers to prepare cross-site scripting attacks and, under specific circumstances, perform remote code execution.
Impact
The web-based management of affected products is vulnerable to reflective cross-site scripting. This can be used to install malicious code and to gain access to confidential information on a system that connects to the WBM after it has been compromised.
Additionally, the affected products contain a buffer overflow vulnerability which enables attackers to remotely execute code, which could lead to compromise of data and execution of malicious code.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
750-829 | Controller BACnet MS/TP | Firmware <=FW13 |
750-831/xxx-xxx | Controller BACnet/IP | Firmware <=FW13 |
750-852, 750-88x/xxx-xxx | Ethernet Controller 3rd Generation | Firmware <=FW13 |
750-352/xxx-xxx | Fieldbus Coupler Ethernet 3rd Generation | Firmware <=FW13 |
Vulnerabilities
An unauthenticated remote attacker could send specifically crafted packets to an affected device. If an authenticated user then views that data in a specific page of the web-based management, a buffer overflow will be triggered, allowing the attacker to gain full access to the device.
An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact on confidentiality and integrity but no impact on availability.
Mitigation
If not needed, you can deactivate the web-based management to prevent attacks (command line). Disable unused TCP/UDP ports. Restrict network access to the device. Do not directly connect the device to the internet.
Remediation
A fix for the affected firmware will be provided with the following firmware versions:
- FW14 installed on 750-352/xxx-xxx
- FW14 installed on 750-88x/xxx-xxx
- FW14 installed on 750-852
No fix planned for products:
- <= FW13 installed on 750-831/xxx-xxx
- <= FW13 installed on 750-829
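The affected-product table and the remediation list above can be applied to an asset inventory as follows. This is an added example, not part of the advisory or any WAGO tooling; the function names and the inventory rows are constructed. It assumes that an "x" in a model number stands for one digit and that the "/xxx-xxx" variant suffix is optional.

```python
import re

# Advisory data: (model pattern, last affected firmware, first fixed firmware).
# A fixed firmware of None means the advisory plans no fix for that model.
ADVISORY = [
    ("750-829", 13, None),
    ("750-831/xxx-xxx", 13, None),
    ("750-852", 13, 14),
    ("750-88x/xxx-xxx", 13, 14),
    ("750-352/xxx-xxx", 13, 14),
]

def _pattern_to_regex(pattern):
    # Assumption: "x" is a single-digit wildcard, "/xxx-xxx" an optional variant code.
    base, _, variant = pattern.partition("/")
    rx = re.escape(base).replace("x", r"\d")
    if variant:
        rx += r"(?:/\d{3}-\d{3})?"
    return re.compile(rx + r"\Z")

RULES = [(_pattern_to_regex(p), last, fixed) for p, last, fixed in ADVISORY]

def parse_fw(text):
    """Turn 'FW13', 'fw 13' or '13' into the integer 13."""
    m = re.fullmatch(r"\s*(?:FW)?\s*(\d+)\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return int(m.group(1))

def triage(model, firmware):
    """Classify one device against the advisory's table and remediation list."""
    fw = parse_fw(firmware)
    for rx, last_affected, fixed in RULES:
        if rx.match(model.strip()):
            if fw > last_affected:
                return "not affected"
            if fixed is None:
                return "affected, no fix planned: apply mitigations"
            return f"affected: update to FW{fixed}"
    return "not listed in advisory"

if __name__ == "__main__":
    # Constructed sample inventory (model, firmware).
    inventory = [("750-880/025-000", "FW12"), ("750-829", "FW13"),
                 ("750-852", "FW14"), ("750-8212", "FW20")]
    for model, fw in inventory:
        print(f"{model:18} {fw:5} {triage(model, fw)}")
```

Devices reported as "no fix planned" remain exposed on any firmware up to FW13, so the measures in the Mitigation section are the only control available for them.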
Revision History
Version | Date | Summary |
---|---|---|
1 | 13.03.2024 09:30 | Initial revision. |