OTPulse
FeedAboutContact

WAGO Ethernet Web-based Management Authentication Bypass Vulnerability

Act Now9.1ICS-CERT ICSA-16-357-02Sep 25, 2016
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

WAGO Ethernet Web-based Management Authentication Bypass Vulnerability. The web management interface on affected WAGO controllers contains an authentication bypass flaw that allows unauthenticated access to the device's configuration and management functions. An attacker can bypass login requirements and gain full access to the web interface without providing valid credentials.

What this means
What could happen
An attacker with network access to the web management port could bypass login and gain full control of the WAGO controller's configuration, potentially modifying PLC logic, process parameters, or halting operations without requiring any password or credentials.
Who's at risk
Water utilities, municipal electric systems, and other facilities operating WAGO PLC controllers (750-8202/PFC200, 750-881, 0758-0874-0000-0111) with Ethernet connectivity and web-based management enabled. This affects any site using these controllers for critical process automation or control logic.
How it could be exploited
An attacker on the network (or via the internet if the management interface is exposed) sends a crafted HTTP request to the web management interface on the WAGO controller. The authentication bypass vulnerability allows the attacker to skip the login step and directly access the administrative panel to view and modify controller settings, logic programs, or operational parameters.
Prerequisites
  • Network access to the WAGO controller's web management interface (typically port 80 or 443)
  • No valid credentials required
  • Web management interface must be enabled on the device
remotely exploitableno authentication requiredlow complexityaffects industrial control systemsno patch availablecritical CVSS score (9.1)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (3)
3 EOL
ProductAffected VersionsFix Status
WAGO 750-8202/PFC200: <FW04<FW04No fix (EOL)
WAGO 750-881: <FW09<FW09No fix (EOL)
WAGO 0758-0874-0000-0111: vers:all/*All versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDRestrict network access to the WAGO controller's web management interface using a firewall or network segmentation—allow access only from authorized engineering workstations or administrative networks
WORKAROUNDDisable the web management interface on the WAGO controller if it is not required for normal operations
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGImplement network segmentation to isolate WAGO controllers in a separate administrative VLAN with restricted access
Mitigations - no patch available
0/1
The following products have reached End of Life with no planned fix: WAGO 750-8202/PFC200: <FW04, WAGO 750-881: <FW09, WAGO 0758-0874-0000-0111: vers:all/*. Apply the following compensating controls:
HARDENINGMonitor network traffic to and from the WAGO controller for unauthorized access attempts to the management interface
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/93d83092-38aa-472b-bba5-8f3369aed446
WAGO Ethernet Web-based Management Authentication Bypass Vulnerability | CVSS 9.1 - OTPulse