| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 750-831/xxx-xxx | <= FW07 | |
| 750-852 | <= FW07 | |
| 750-880/xxx-xxx | <= FW07 | |
| 750-881 | <= FW07 | |
| 750-882 | <= FW07 | |
| 750-885/xxx-xxx | <= FW07 | |
| 750-889 | <= FW07 |
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
With special crafted requests it is possible to change some special parameters without authentication.
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852 version FW07 and prior versions. WAGO 750-880/xxx-xxx version FW07 and prior versions. WAGO 750-881 version FW07 and prior versions. WAGO 750-831/xxx-xxx version FW07 and prior versions. WAGO 750-882 version FW07 and prior versions. WAGO 750-885/xxx-xxx version FW07 and prior versions. WAGO 750-889 version FW07 and prior versions.
This vulnerability allows an attacker who has access to the WBM to prevent the loading of the runtime-application after restart of the device by sending specifically constructed requests without authentication.
Upgrade affected devices to the latest standard firmware.
| Product | Fixed Versions |
| 750-852 | > FW07 |
| 750-880/xxx-xxx | > FW07 |
| 750-881 | > FW07 |
| 750-831/xxx-xxx | > FW07 |
| 750-882 | > FW07 |
| 750-885/xxx-xxx | > FW07 |
| 750-889 | > FW07 |
Mitigation
Maxim Rupp reported this vulnerability to WAGO.
CERT@VDE coordinated.