WAGO: Multiple Vulnerabilities in I/O-Check Service

Plan Patch | 7.8 | VDE-2020-011 | Mar 9, 2020
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities exist in the I/O-Check service on WAGO industrial controllers (750-81xx, 750-82xx, 762-4xxx, 762-5xxx, 762-6xxx series) running firmware versions older than FW16. A local attacker with valid device login credentials can create files to modify device settings including default gateway and time server addresses, or execute arbitrary code. The I/O-Check service is only required during installation and commissioning, not during normal operations.

What this means
What could happen
A local attacker with valid device credentials could alter critical device settings like gateway or time server addresses, or potentially execute arbitrary code on the PLC controller. This could disrupt plant operations or enable persistent backdoor access.
Who's at risk
Operators of WAGO industrial controllers (PFC100, PFC200, and 762-series PLCs) used in manufacturing, water treatment, and electrical distribution applications. These devices are typically deployed in control cabinets for process automation and must be protected from unauthorized credential abuse.
How it could be exploited
An attacker with valid login credentials to the WAGO device can access the I/O-Check service and create files that modify device configuration or inject executable code, gaining control over device behavior and network settings.
Prerequisites
  • Valid login credentials to the WAGO device
  • Local or network access to the I/O-Check service port
  • Ability to create files on the device
  • Device running firmware version older than FW16
No patch available | Requires valid credentials | Local access required | Affects automation and control systems
Affected products (5)
5 with fix
Product | Affected Versions | Fix Status
Hardware 750-82xx/xxx-xxx (PFC200) | <FW16 | FW16
Hardware 762-4xxx | <FW16 | FW16
Pepperl+Fuchs Hardware 762-5xxx | <FW16 | FW16
Hardware 762-6xxx | <FW16 | FW16
Hardware 750-81xx/xxx-xxx (PFC100) | <FW16 | FW16
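
An added example, not part of the advisory or of WAGO's tooling: a Python triage of an asset inventory against the affected-products table, flagging devices in the listed series below FW16 and whether the I/O-Check workaround is already in place. The inventory field names, the sample devices and the accepted firmware string formats ('FW15', '03.02.02(14)') are assumptions.

```python
import re

# Series and fixed release come from the advisory's affected-products table.
AFFECTED_SERIES = ["750-81xx", "750-82xx", "762-4xxx", "762-5xxx", "762-6xxx"]
FIXED_RELEASE = 16  # FW16
# "x" is a digit wildcard; the lookahead rejects longer numbers such as 750-81000.
_SERIES_RE = [re.compile("^" + s.replace("x", r"\d") + r"(?!\d)") for s in AFFECTED_SERIES]


def in_affected_series(article):
    """True if an article number such as '750-8202/025-001' falls in a listed series."""
    return any(rx.match(article.strip()) for rx in _SERIES_RE)


def firmware_release(fw):
    """Release number from 'FW15' or '03.02.02(14)' (assumed formats), else None."""
    m = re.fullmatch(r"\s*FW\s*(\d+)\s*", fw, re.I) or re.search(r"\((\d+)\)\s*$", fw)
    return int(m.group(1)) if m else None


def triage(device):
    """Classify one inventory row against the advisory."""
    if not in_affected_series(device["article"]):
        return "not listed"
    release = firmware_release(device["firmware"])
    if release is None:
        return "affected series, firmware unknown: verify manually"
    if release >= FIXED_RELEASE:
        return "fixed"
    # Unpatched: the advisory's workaround is to disable I/O-Check after commissioning.
    if device.get("iocheck_enabled", True):  # a missing field is treated as enabled
        return "vulnerable, I/O-Check enabled: disable service, schedule FW16"
    return "vulnerable, I/O-Check disabled: schedule FW16"


# Constructed sample inventory (hypothetical devices and field names).
SAMPLE_INVENTORY = [
    {"name": "plc-a", "article": "750-8202/025-001", "firmware": "03.02.02(14)", "iocheck_enabled": True},
    {"name": "plc-b", "article": "750-8100", "firmware": "FW16", "iocheck_enabled": False},
    {"name": "hmi-c", "article": "762-4101", "firmware": "FW15", "iocheck_enabled": False},
    {"name": "plc-d", "article": "750-8212", "firmware": "unknown", "iocheck_enabled": True},
    {"name": "io-e", "article": "750-352", "firmware": "FW10", "iocheck_enabled": True},
]

if __name__ == "__main__":
    for dev in SAMPLE_INVENTORY:
        print(f'{dev["name"]:6} {dev["article"]:18} {triage(dev)}')
```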
Remediation & Mitigation
Do now
WORKAROUND: Disable the I/O-Check service immediately after device commissioning is complete
HARDENING: Restrict network access to the device using firewall rules to allow only necessary traffic
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Disable all unused TCP and UDP ports on the device
Long-term hardening
HARDENING: Ensure device is not directly connected to the internet; use network segmentation to isolate from untrusted networks