OTPulse
FeedAboutContact

WAGO IO 758 Default Linux Credentials

Low RiskICS-CERT ICSA-12-249-02Jun 9, 2012
Summary

WAGO I/O System 758 controllers (models 758-870, 758-874, 758-875, 758-876) ship with hardcoded default Linux credentials that cannot be changed by the vendor and are publicly documented. An attacker with network access can use these credentials to gain full shell access and command-line control of the device.

What this means
What could happen
An attacker with network access to the I/O System 758 could log in using default Linux credentials and gain full command-line control of the device, potentially altering I/O settings, stopping process communication, or disrupting the entire I/O subsystem your automation relies on.
Who's at risk
Water authorities and municipal utilities using WAGO I/O System 758 controllers (all four models: 758-870, 758-874, 758-875, 758-876) for remote I/O acquisition, field device communication, or distributed process control should apply these mitigations immediately. Any facility relying on these devices for real-time sensor data or discrete I/O switching is affected.
How it could be exploited
An attacker on your network (or with internet access if the device is exposed) connects to a WAGO 758 I/O System via SSH or telnet using publicly known default Linux credentials. Once authenticated, they have shell access to the device and can modify I/O configurations, read process data, or cause the device to stop communicating with your PLCs and control systems.
Prerequisites
  • Network connectivity to the WAGO 758 device (SSH port 22 or telnet port 23)
  • Knowledge of default Linux credentials (publicly documented)
  • No additional authentication or special configuration required
default credentialsno patch availableremotely exploitableno authentication change enforced at startup
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (4)
4 EOL
ProductAffected VersionsFix Status
I/O System 758: Model_758-870Model 758-870No fix (EOL)
I/O System 758: Model_758-874Model 758-874No fix (EOL)
I/O System 758: Model_758-875Model 758-875No fix (EOL)
I/O System 758: Model_758-876.Model 758-876.No fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGChange default Linux credentials on all WAGO 758 I/O Systems to strong, unique passwords immediately
HARDENINGRestrict network access to WAGO 758 devices using firewall rules to allow SSH/telnet only from trusted engineering workstations or control networks
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGSegregate I/O System 758 devices onto a separate, protected control network segment isolated from general IT networks and the internet
HARDENINGImplement network access controls (ACLs, VLANs, or industrial firewalls) to limit which systems can reach the I/O devices
Mitigations - no patch available
0/1
The following products have reached End of Life with no planned fix: I/O System 758: Model_758-870, I/O System 758: Model_758-874, I/O System 758: Model_758-875, I/O System 758: Model_758-876.. Apply the following compensating controls:
HARDENINGMonitor for unauthorized SSH/telnet connections to WAGO 758 devices using network logs or device audit logs
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/f1d7f58d-a249-42b4-afd5-6b2b72a0ae60
WAGO IO 758 Default Linux Credentials - OTPulse