WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505

Act Now9.8ICS-CERT ICSA-19-164-02Jun 13, 2019

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505 contain hardcoded credentials and exposed management interfaces that allow unauthenticated remote attackers to gain root access to the operating system (CWE-798, CWE-321). Successful exploitation results in complete compromise of the switch, allowing attackers to disrupt network communication, alter routing, or prevent the device from operating entirely. No public exploits are currently known.

What this means

What could happen

An attacker with network access to these switches could gain root access to the operating system and completely disrupt switch operations, severing communication between connected equipment and control systems.

Who's at risk

Manufacturing facilities using WAGO Industrial Managed Switches (852-303, 852-1305, 852-1505) for plant floor network infrastructure are affected. Any organization with these switches in critical process networks—such as those connecting PLCs, sensors, motor drives, or safety systems—should prioritize remediation.

How it could be exploited

An attacker on the network can reach the managed switch remotely without authentication due to hardcoded credentials or exposed management interfaces. Once connected, the attacker executes commands with root privileges, allowing them to alter routing tables, block traffic, or modify configuration to disable the switch entirely.

Prerequisites

Network access to the managed switch management interface (SSH, HTTP, or Modbus TCP)
No credentials required; vulnerability allows unauthenticated access or uses hardcoded credentials
Switch must be firmware version prior to vendor-specified fixed versions

remotely exploitableno authentication requiredlow complexityaffects network infrastructure supporting control systemsroot access achievable

Exploitability

Low exploit probability (EPSS 0.8%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

Industrial Managed Switch 852-303: All< 1.2.2.S0v1.2.2.S0

Industrial Managed Switch 852-1305: All< 1.1.6.S0v1.1.6.S0

Industrial Managed Switch 852-1505: All< 1.1.5.S0v1.1.5.S0

Remediation & Mitigation

0/7

Do now

0/2

WORKAROUNDRestrict network access to the managed switch using access control lists (ACLs) on upstream network devices

WORKAROUNDRestrict or disable SSH server access if not required for operations

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate WAGO 852-303 to firmware v1.2.2.S0 or later

HOTFIXUpdate WAGO 852-1305 to firmware v1.1.6.S0 or later

HOTFIXUpdate WAGO 852-1505 to firmware v1.1.5.S0 or later

Long-term hardening

0/2

HARDENINGDo not connect the device directly to the Internet

HARDENINGIsolate control system networks behind firewalls and separate from business network

CVEs (2)

CVE-2019-12550 CVE-2019-12549

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/32005d2d-851f-4e17-8e0e-2505f56a7e7f