Nozomi reported eight vulnerabilities to WAGO affecting different firmware versions installed on several devices.
The WAGO Navigator versions 1.0.1 and 1.0 are vulnerable due to the use of the WiX toolset version 3.11.2.
The following vulnerabilities are published with reference to CODESYS Advisory 2023-05, CODESYS Advisory 2023-06 and CODESYS Advisory 2023-09.
The Web-Based Management (WBM) of WAGO's programmable logic controller (PLC) is typically used for administration, commissioning, and updates.
The option to change the configuration data via tools or the Web-Based Management enabled attackers to prepare cross-site scripting attacks and, under specific circumstances, perform remote code execution.
A heap-based buffer overflow caused by libcurl and wrong whitespace character interpretation in JavaScript, both used in CodeMeter Runtime, affect multiple products by WAGO. WIBU-SYSTEMS CodeMeter is installed by default during e!COCKPIT and WAGO-I/O-Pro (CODESYS 2.3) installations.
The library WagoAppRTU, which is part of the WAGO Telecontrol Configurator, is prone to improper input validation. By sending specially crafted MMS packets, an attacker can trigger a denial-of-service condition.
An attacker with privileges can enumerate projects and usernames through an iterative process, by making a request to a specific endpoint.