WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07
Plan Patch8.2VDE-2020-027Sep 30, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
The Web-Based Management (WBM) interface of WAGO 750-8XX series PLCs does not properly validate authentication for certain parameter changes. An attacker can send specially crafted requests to modify configuration parameters without providing credentials. Affected models include the 750-831, 750-852, 750-880, 750-881, 750-882, 750-885, and 750-889 controllers running firmware FW07 or earlier. The vendor has released firmware FW08 which corrects this authentication bypass.
What this means
What could happen
An attacker on your network can bypass authentication on WAGO 750-8XX PLCs and modify critical parameters without a password, potentially altering process control settings or disabling safety functions.
Who's at risk
Building automation and manufacturing facilities using WAGO 750-8XX series BACnet/IP controllers for HVAC, process control, or facility management. The vulnerability affects any site where these PLCs are deployed on a network with untrusted or multi-tenant access.
How it could be exploited
An attacker crafts specially formed HTTP requests to the web-based management interface (port 80 or 443) and sends them to the PLC without providing credentials. The vulnerability allows parameter changes that would normally require authentication, enabling modification of process setpoints or operational behavior.
Prerequisites
- Network access to the PLC on TCP ports 80 or 443
- Web-based management interface enabled on the device
Remotely exploitableNo authentication requiredLow complexity attackAffects industrial control systemsVendor patch available
Affected products (7)
7 with fix
ProductAffected VersionsFix Status
BACnet/IP Controller 750-831/xxx-xxx≤ FW07FW08
BACnet/IP Controller 750-852≤ FW07FW08
BACnet/IP Controller 750-880/xxx-xxx≤ FW07FW08
BACnet/IP Controller 750-881≤ FW07FW08
BACnet/IP Controller 750-882≤ FW07FW08
Controller 750-885/xxx-xxx≤ FW07FW08
BACnet/IP Controller 750-889≤ FW07FW08
Remediation & Mitigation
0/5
Do now
0/3HARDENINGRestrict network access to each WAGO PLC—only allow connections from authorized engineering workstations and management systems
WORKAROUNDDisable TCP ports 80 and 443 on the web-based management interface after commissioning and configuration are complete
HARDENINGDo not directly connect WAGO PLCs to the internet; keep them on isolated plant networks only
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpdate all affected WAGO 750-8XX controllers (750-831, 750-852, 750-880, 750-881, 750-882, 750-885, 750-889) to firmware FW08 or later
HARDENINGDisable any unused TCP/UDP ports on affected devices
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/2f1aec5d-a6e3-43e8-8fc9-804048389a51