VDE-2025-004
Last update
10.04.2025 15:00
Published at
05.03.2025 12:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2025-004
CSAF Document
Summary
Nozomi Networks reported a vulnerability in the pfc firmware sdk-G2 of libwagosnmp. The WAGO pfc-firmware-sdk-G2 is a software development kit designed for WAGO PFC devices which allows developers to build and customize the firmware.
Impact
If the requested memory size could not be allocated by the underlying operating system, the application uses an invalid memory area. This could lead to a crash of the application.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 0751-9?01 | CC100 0751-9x01 | Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29) |
| 0752-8303/8000-0002 | Edge Controller 0752-8303/8000-0002 | Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29) |
| 0750-810?/????-???? | PFC100 G1 0750-810x/xxxx-xxxx | WAGO Firmware <3.10.11 (FW22 Patch 2), Custom Firmware <03.10.11 (70) |
| 0750-811?-????-???? | PFC100 G2 0750-811x-xxxx-xxxx | WAGO Firmware <04.07.01 (FW29), Custom Firmware <04.07.01 (70) |
| 750-820?-????-???? | PFC200 G1 750-820x-xxx-xxx | Custom Firmware <03.10.11 (70), WAGO Firmware <3.10.11 (FW22 Patch 2) |
| 750-821?-????-???? | PFC200 G2 750-821x-xxx-xxx | Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29) |
| 0762-420?/8000-000? | TP600 0762-420x/8000-000x | Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29) |
| 0762-430?/8000-000? | TP600 0762-430x/8000-000x | Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29) |
| 0762-520?/8000-000? | TP600 0762-520x/8000-000x | Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29) |
| 0762-530?/8000-000? | TP600 0762-530x/8000-000x | Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29) |
| 0762-620?/8000-000? | TP600 0762-620x/8000-000x | Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29) |
| 0762-630?/8000-000? | TP600 0762-630x/8000-000x | Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29) |
Vulnerabilities
Expand / Collapse all
Published
22.09.2025 14:58
Severity
Weakness
Unchecked Return Value (CWE-252)
Summary
An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications.
References
Remediation
Update to Firmware 4.7.1 (FW29), Firmware 03.10.11. For the latest Custom Firmware, please contact the WAGO support.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 05.03.2025 12:00 | Initial release. |
| 2 | 10.04.2025 15:00 | Fixed csaf reference URL |