WAGO: Web-Based Management Denial of Service
Monitor · 7.5 · VDE-2020-007 · Mar 9, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Web-Based Management (WBM) interface of WAGO PLC controllers can be disabled via a denial-of-service attack using specially crafted network requests. Because WAGO controllers are embedded devices with limited computational resources, they are vulnerable to resource exhaustion attacks that crash or hang the WBM service, preventing access to commissioning, configuration, and firmware update functions. The vulnerability affects all versions of PFC100, PFC200, and 762-series controllers. No vendor firmware patch is available; protection relies on network access controls.
What this means
What could happen
An attacker can send specially crafted network requests to crash or disable the web-based management interface on WAGO controllers, preventing legitimate engineers from accessing commissioning, configuration, and firmware update functions.
Who's at risk
Manufacturing plants using WAGO PFC100 (750-81xx), PFC200 (750-82xx), and 762 series controllers for process control, monitoring, or automation. Any facility that relies on web-based management for commissioning or firmware updates is affected.
How it could be exploited
An attacker with network access to the controller's web-based management port (typically port 80 or 443) can send specially crafted HTTP requests that consume the controller's limited resources, causing the WBM service to become unresponsive. No credentials are required.
Prerequisites
- Network access to the WAGO controller's web management interface (port 80/443)
- No authentication required
Tags: remotely exploitable · no authentication required · low complexity · no patch available · affects device availability
Affected products (5), all end-of-life (EOL)

Product                     | Affected Versions | Fix Status
750-81xx/xxx-xxx (PFC100)   | All versions      | No fix (EOL)
750-82xx/xxx-xxx (PFC200)   | All versions      | No fix (EOL)
762-4xxx                    | All versions      | No fix (EOL)
762-5xxx                    | All versions      | No fix (EOL)
762-6xxx                    | All versions      | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the web-based management interface; only allow access from trusted engineering workstations or networks, using firewall rules.
- HARDENING: Do not connect the WAGO controller directly to the internet or untrusted networks.
Schedule (requires maintenance window)
- Patching may require a device reboot; plan for process interruption.
- HARDENING: Review and implement WAGO's Cyber Security for Controller handbook guidance for your specific controller model.
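One way to implement the "Do now" firewall workaround, as an added example that is not from the advisory or from WAGO: an nftables ruleset for a Linux firewall that routes traffic into the controller segment. The network addresses and the per-source connection rate limit are assumptions, not values from the advisory.

```nftables
#!/usr/sbin/nft -f
# Added example, not part of the WAGO advisory. Perimeter filter on a Linux
# firewall that routes traffic into the PLC segment. Assumed addresses:
#   PLC management network:          10.10.20.0/24
#   engineering workstation network: 10.10.1.0/24
#   trusted jump host:               10.10.1.50

define PLC_NET   = 10.10.20.0/24
define ENG_NET   = 10.10.1.0/24
define JUMP_HOST = 10.10.1.50

table inet wago_wbm {
    # Sources permitted to reach the Web-Based Management interface
    set wbm_allowed {
        type ipv4_addr
        flags interval
        elements = { $ENG_NET, $JUMP_HOST }
    }

    chain forward {
        # policy accept: other PLC protocols are untouched by this table;
        # only traffic to the WBM ports (80/443) is filtered below
        type filter hook forward priority filter; policy accept;

        # Replies and ongoing sessions that were already accepted below
        ct state established,related accept
        ct state invalid drop

        # New WBM sessions (HTTP/HTTPS) only from the allowlist.
        # The rate limit is an added caveat beyond the advisory: it caps
        # connection attempts even from trusted hosts, so a compromised
        # workstation cannot exhaust the controller's limited resources.
        ip saddr @wbm_allowed ip daddr $PLC_NET tcp dport { 80, 443 } ct state new limit rate 10/second burst 20 packets accept

        # Any other source hitting the WBM ports is logged and dropped;
        # a burst of "wago-wbm-denied" log lines is worth alerting on
        ip daddr $PLC_NET tcp dport { 80, 443 } log prefix "wago-wbm-denied " drop
    }
}
```

Load it with `nft -f` on the firewall host; the logged drops give a simple detection signal for probing of the WBM ports from outside the engineering network.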
CVEs (1)