WAGO: e!Cockpit Two Update Package Vulnerabilities

Monitor | CVSS 7.8 | VDE-2020-009 | Mar 9, 2020
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

The firmware update package (WUP) for WAGO 750-81xx/xxx-xxx, 750-82xx/xxx-xxx, 762-4xxx, 762-5xxx, and 762-6xxx controllers (FW12 and later) is not entirely signed. Only the rauc file portion is cryptographically signed; the rest of the WUP is protected only by a password intended to prevent accidental modifications. An attacker can manipulate the WUP file to inject additional files with malicious content. If an authorized user is tricked into installing a tampered WUP file, the injected files are copied to the device and executed with elevated privileges.

What this means
What could happen
An attacker could inject malicious files into a firmware update package and trick an authorized user into installing it, allowing the attacker's code to run with elevated privileges on the controller, potentially disrupting production processes or stealing sensitive data.
Who's at risk
This affects organizations running WAGO 750-81xx, 750-82xx, 762-4xxx, 762-5xxx, or 762-6xxx controllers in industrial control systems, including manufacturing plants, process automation, and utility automation environments that depend on these devices for real-time process control.
How it could be exploited
An attacker intercepts or modifies a WAGO firmware update package (WUP file) in transit or at rest by adding malicious files, since only part of the package is cryptographically signed. If an authorized user is tricked into installing the tampered package on a 750-81xx, 750-82xx, 762-4xxx, 762-5xxx, or 762-6xxx controller, the malicious files are installed and executed with elevated privileges on the device.
Prerequisites
  • Ability to intercept or modify firmware update file before installation
  • Ability to trick an authorized user into running the update (social engineering or compromised update distribution channel)
  • Access to legitimate WAGO firmware update tools on the authorized user's workstation
  • No patch available (end-of-life products)
  • Requires social engineering or supply chain compromise
  • Malicious code executes with elevated privileges
  • Affects firmware update mechanism, a core trust boundary
Affected products (5), 5 EOL

Product                 Affected Versions   Fix Status
WAGO 750-81xx/xxx-xxx   ≥ FW12              No fix (EOL)
WAGO 750-82xx/xxx-xxx   ≥ FW12              No fix (EOL)
WAGO 762-4xxx           ≥ FW12              No fix (EOL)
WAGO 762-6xxx           ≥ FW12              No fix (EOL)
WAGO 762-5xxx           ≥ FW12              No fix (EOL)

Remediation & Mitigation
Do now
  • HARDENING: Always execute firmware updates only as the 'admin' user on the WAGO controller
  • WORKAROUND: Verify the hash/checksum of the WUP update package using WAGO-provided hash values before starting any firmware update
Long-term hardening
  • WORKAROUND: Use out-of-band verification: have a second authorized person independently confirm the hash of the WUP file before applying updates
Mitigations - no patch available
The following products have reached End of Life with no planned fix: WAGO 750-81xx/xxx-xxx, WAGO 750-82xx/xxx-xxx, WAGO 762-4xxx, WAGO 762-6xxx, WAGO 762-5xxx. Apply the following compensating controls:
  • HARDENING: Restrict firmware update file downloads to WAGO's official website or trusted distribution channels; do not accept update files from email or untrusted sources
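
The hash check and second-person confirmation recommended above, sketched as an added example (not code from WAGO or from this advisory). It assumes the WAGO-provided value is a SHA-256 hex digest, which the advisory does not specify; the function names and the script name in the usage comment are illustrative.

```python
import hashlib
import hmac
import re
import sys

HEX64 = re.compile(r"[0-9a-f]{64}")


def normalize(digest: str) -> str:
    """Accept 'ABC...  file.wup' style lines or bare hex; return lowercase hex."""
    parts = digest.strip().split()
    token = parts[0].lower() if parts else ""
    if not HEX64.fullmatch(token):
        raise ValueError("not a SHA-256 hex digest: %r" % digest)
    return token


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash the whole file, so bytes outside the signed rauc part are covered."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_wup(path: str, vendor_digest: str, second_person_digest: str):
    """Return (ok, reason). Both the local file and the second person's
    independently computed digest must equal the vendor-published value."""
    vendor = normalize(vendor_digest)
    second = normalize(second_person_digest)
    local = sha256_file(path)
    if not hmac.compare_digest(local, vendor):
        return False, "local file differs from vendor-published hash"
    if not hmac.compare_digest(second, vendor):
        return False, "second verifier's hash differs from vendor-published hash"
    return True, "local and second-person hashes match vendor-published hash"


if __name__ == "__main__":
    # Usage: python check_wup.py <file.wup> <vendor_sha256> <second_person_sha256>
    ok, reason = check_wup(sys.argv[1], sys.argv[2], sys.argv[3])
    print(("OK: " if ok else "DO NOT INSTALL: ") + reason)
    sys.exit(0 if ok else 1)
```

The vendor digest should be read from the official source separately from the download, and the second person should compute their digest from their own copy of the file.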