WAGO: Cloud Connectivity Multiple Vulnerabilities

Act Now9.1VDE-2020-008Mar 9, 2020

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

The Cloud Connectivity feature in WAGO PLCs (PFC100, PFC200, and 762-series with firmware ≥11) allows connection to cloud services and supports remote firmware updates. Multiple input validation and command execution vulnerabilities (CWE-20, CWE-78) exist in this feature. An attacker with administrative privileges can exploit these to execute arbitrary commands or inject malicious input, potentially compromising device operation and control logic.

What this means

What could happen

An attacker with admin credentials on a WAGO PLC could exploit cloud connectivity vulnerabilities to execute arbitrary commands or modify device configuration, potentially disrupting manufacturing processes or enabling further system compromise.

Who's at risk

Manufacturing facilities using WAGO PFC100, PFC200, and 762-series PLCs (firmware version 11 or later) that rely on cloud connectivity for remote maintenance or monitoring. Water utilities, power systems, or any discrete or process manufacturing environment using these controllers should assess risk based on whether cloud features are active and how admin credentials are protected.

How it could be exploited

An attacker must first obtain administrative credentials (through phishing, credential theft, or default passwords). Once logged in with admin privileges, they can exploit the cloud connectivity feature to inject malicious input or execute arbitrary code on the PLC, affecting production logic or enabling lateral movement into the control network.

Prerequisites

Administrative user credentials on the PLC
Network access to the PLC (local network or internet if cloud connectivity is enabled)
Knowledge of the cloud connectivity interface or the ability to reverse-engineer it

no patch availableadministrative authentication required but vulnerable to credential compromisehigh CVSS score (9.1)

Affected products (5)

5 EOL

ProductAffected VersionsFix Status

750-81xx/xxx-xxx (PFC100)≥ FW11No fix (EOL)

762-4xxx≥ FW11No fix (EOL)

762-5xxx≥ FW11No fix (EOL)

762-6xxx≥ FW11No fix (EOL)

750-82xx/xxx-xxx (PFC200)≥ FW11No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGEnforce strong, unique passwords for all administrative user accounts on WAGO PLCs; change any default credentials immediately

HARDENINGRestrict network access to WAGO PLCs to only authorized engineering and monitoring systems; use firewall rules to block unnecessary inbound and outbound connections

HARDENINGDo not connect WAGO PLCs directly to the internet; isolate them on a protected internal network segment

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGReview and apply WAGO's Cyber Security for Controller handbook guidance for your firmware version

WORKAROUNDDisable cloud connectivity features if not actively required for operations; if enabled, monitor cloud communication for anomalies

CVEs (4)

CVE-2019-5160 CVE-2019-5156 CVE-2019-5157 CVE-2019-5155

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/df3955de-ffe3-46c7-9ae9-a2f5f2b007d9