VDE-2025-083 | CERT@VDE

2025-09-15 10:00 (CEST) VDE-2025-083

WAGO: Vulnerability in hardware switch circuit

Share: Email | Twitter

ID

VDE-2025-083

Published

2025-09-15 10:00 (CEST)

Last update

2025-09-12 11:30 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
	CC100 0751-9301	< HW rev. 082100
	CC100 0751-9301 HW rev. <082100	< 04.08.05 (FW30)
	CC100 0751-9301/K000-0005	< HW rev. 082100
	CC100 0751-9301/K000-0005 HW rev. <082100	< 04.08.05 (FW30)
	CC100 0751-9401	< HW rev. 052500
	CC100 0751-9401 HW rev. <052500	< 04.08.05 (FW30)
	CC100 0751-9402	< HW rev. 032800
	CC100 0751-9402/0000-0001	< HW rev. 052800
	CC100 0751-9402/0000-0001 HW rev. <052800	< 04.08.05 (FW30)
	CC100 0751-9402 HW rev. <032800	< 04.08.05 (FW30)
	CC100 0751-9403	< HW rev. 022800
	CC100 0751-9403 HW rev. <022800	< 04.08.05 (FW30)
	Edge Controller 0752-8303/8000-0002	< HW rev. 32500
	Edge Controller 0752-8303/8000-0002 HW rev. 32500	< 04.08.05 (FW30)
	TP600 0762-4101	< HW rev. 072500
	TP600 0762-4101 HW rev. <072500	< 04.08.05 (FW30)
	TP600 0762-4102	< HW rev. 072500
	TP600 0762-4102 HW rev. <072500	< 04.08.05 (FW30)
	TP600 0762-4104	< HW rev. 062500
	TP600 0762-4104 HW rev. <062500	< 04.08.05 (FW30)
	TP600 0762-4201/8000-0001	< HW rev. 072500
	TP600 0762-4201/8000-0001 HW rev. <072500	< 04.08.05 (FW30)
	TP600 0762-4201/8000-0002	< HW rev. 072500
	TP600 0762-4201/8000-0002	< HW rev. 072500
	TP600 0762-4201/8000-0002 HW rev. <072500	< 04.08.05 (FW30)
	TP600 0762-4201/8000-0002 HW rev. <072500	< 04.08.05 (FW30)
	TP600 0762-4301/8000-0002	< HW rev. 072500
	TP600 0762-4301/8000-0002 HW rev. <072500	< 04.08.05 (FW30)
	TP600 0762-4302/8000-0002	< HW rev. 072500
	TP600 0762-4302/8000-0002 HW rev. <072500	< 04.08.05 (FW30)
	TP600 0762-4303/8000-0002	< HW rev. 062500
	TP600 0762-4303/8000-0002 HW rev. <062500	< 04.08.05 (FW30)
	TP600 0762-4304/8000-0002	< HW rev. 062500
	TP600 0762-4304/8000-0002 HW rev. <062500	< 04.08.05 (FW30)
	TP600 0762-4305/8000-0002	< HW rev. 052500
	TP600 0762-4305/8000-0002 HW rev. <052500	< 04.08.05 (FW30)
	TP600 0762-4306/8000-0001	< HW rev. 042500
	TP600 0762-4306/8000-0001 HW rev. <042500	< 04.08.05 (FW30)
	TP600 0762-4306/8000-0002	< HW rev. 042500
	TP600 0762-4306/8000-0002 HW rev. <042500	< 04.08.05 (FW30)
	TP600 0762-5201/8000-0001	< HW rev. 062500
	TP600 0762-5201/8000-0001 HW rev. <062500	< 04.08.05 (FW30)
	TP600 0762-5203/8000-0001	< HW rev. 062500
	TP600 0762-5203/8000-0001 HW rev. <062500	< 04.08.05 (FW30)
	TP600 0762-5204/8000-0001	< HW rev. 052500
	TP600 0762-5204/8000-0001	< HW rev. 052500
	TP600 0762-5204/8000-0001 HW rev. <052500	< 04.08.05 (FW30)
	TP600 0762-5204/8000-0001 HW rev. <052500	< 04.08.05 (FW30)
	TP600 0762-5205/8000-0001	< HW rev. 32500
	TP600 0762-5205/8000-0001 HW rev. <032500	< 04.08.05 (FW30)
	TP600 0762-5206/8000-0001	< HW rev. 042500
	TP600 0762-5206/8000-0001 HW rev. <042500	< 04.08.05 (FW30)

Summary

The vulnerability in the Ethernet switch circuit is caused by a PullUp resistor at the reset input, leading to premature activation and undefined operation. Switching to a PullDown resistor keeps the switch in reset. This issue affects the CC100, the Touch Panels 600 and the Edge Controller.

CVE ID

CVE-2025-41713

Last Update:

Sept. 12, 2025, 11:08 a.m.

Severity

6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

Weakness

Initialization of a Resource with an Insecure Default (CWE-1188)

Summary

During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration.

Details

certvde.com

Impact

The vulnerability causes the Ethernet switch to operate in an undefined state due to early activation, leading to unstable system behavior and potential connectivity issues.

Solution

Remediation

To address this vulnerability, it is recommended to utilize a newer hardware revision equipped with Firmware 04.08.05 (FW30). This firmware version is designed to resolve the issue by properly managing the switch activation and configuration process on the revised hardware. It is important to note that older firmware versions will not resolve the problem on the new hardware revision, and therefore upgrading both the hardware and firmware is necessary for an effective remediation.

Reported by

CERT@VDE coordinated with Wago