Zurück zur Übersicht

WAGO: Escalation of Privileges in Coupler Firmware

VDE-2025-048
Last update
08.09.2025 09:00
Published at
08.09.2025 09:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2025-048
CSAF Document
Download

Summary

A design flaw in the file system management exposes internal system partitions - intended to be hidden - during brief moments when they are mounted by the firmware. These partitions contain sensitive data such as firmware and certificates. Although access to the file system is mediated by a Nucleus layer that supports permission control, these permissions are currently not enforced. As a result, services like FTP/SFTP may inadvertently gain access to critical internal resources, increasing the risk of unauthorized access or data leakage.

Impact

Due to the visibility of the internal partitions a low-privileged remote attacker can escalate privileges and can for example edit the firmware files.

Affected Product(s)

Model no. Product name Affected versions
0750-0362 Coupler 0750-0362 WAGO Firmware <FW13
0750-0362/0000-0001 Coupler 0750-0362/0000-0001 WAGO Firmware <FW13
0750-0362/0040-0000 Coupler 0750-0362/0040-0000 WAGO Firmware <FW13
0750-0362/K013-1080 Coupler 0750-0362/K013-1080 WAGO Firmware <FW13
Coupler 0750-0362/K019-7576 WAGO Firmware <FW13
0750-0363 Coupler 0750-0363 WAGO Firmware <FW13
0750-0363/0040-0000 Coupler 0750-0363/0040-0000 WAGO Firmware <FW13
0750-0364/0040-0010 Coupler 0750-0364/0040-0010 WAGO Firmware <FW13
0750-0365/0040-0010 Coupler 0750-0365/0040-0010 WAGO Firmware <FW13
0750-0366 Coupler 0750-0366 WAGO Firmware <FW13

Vulnerabilities

Expand / Collapse all

Published
22.09.2025 14:57
Severity
7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness
Incorrect Permission Assignment for Critical Resource (CWE-732)
Summary

A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware.

References
cve.org | nvd.nist.gov

Mitigation

By default, FTP is disabled on these devices. To prevent exploitation of this vulnerability, it is recommended to also disable SFTP in firmware versions below 13 through the device's configuration settings.

Remediation

Update to Firmware version 13.

Revision History

Version Date Summary
1 08.09.2025 09:00 initial version