WAGO: Web-Based Management Denial of Service

MonitorCVSS 7.5VDE-2020-007Mar 9, 2020

WAGOManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Web-Based Management (WBM) interface of WAGO PLC controllers can be disabled via a denial-of-service attack using specially crafted network requests. Because WAGO controllers are embedded devices with limited computational resources, they are vulnerable to resource exhaustion attacks that crash or hang the WBM service, preventing access to commissioning, configuration, and firmware update functions. The vulnerability affects all versions of PFC100, PFC200, and 762-series controllers. No vendor firmware patch is available; protection relies on network access controls.

What this means

What could happen

An attacker can send specially crafted network requests to crash or disable the web-based management interface on WAGO controllers, preventing legitimate engineers from accessing commissioning, configuration, and firmware update functions.

Who's at risk

Manufacturing plants using WAGO PFC100 (750-81xx), PFC200 (750-82xx), and 762 series controllers for process control, monitoring, or automation. Any facility that relies on web-based management for commissioning or firmware updates is affected.

How it could be exploited

An attacker with network access to the controller's web-based management port (typically port 80 or 443) can send specially crafted HTTP requests that consume the controller's limited resources, causing the WBM service to become unresponsive. No credentials are required.

Prerequisites

Network access to the WAGO controller's web management interface (port 80/443)
No authentication required

remotely exploitableno authentication requiredlow complexityno patch availableaffects device availability

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (5)

5 EOL

ProductAffected VersionsFix Status

750-81xx/xxx-xxx (PFC100)All versionsNo fix (EOL)

750-82xx/xxx-xxx (PFC200)All versionsNo fix (EOL)

762-4xxxAll versionsNo fix (EOL)

762-5xxxAll versionsNo fix (EOL)

762-6xxxAll versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/2

WORKAROUNDRestrict network access to the web-based management interface—only allow access from trusted engineering workstations or networks using firewall rules

HARDENINGDo not connect the WAGO controller directly to the internet or untrusted networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGReview and implement WAGO's Cyber Security for Controller handbook guidance for your specific controller model

CVEs (1)

CVE-2019-5149

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7ef26662-14d5-46e8-95c0-3d77813ed612

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.