WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Version <= FW03

Act Now | CVSS 9.1 | VDE-2020-028 | Sep 30, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Web-Based Management (WBM) interface used for administration, commissioning, and updates on WAGO 750-series PLCs contains an authentication bypass vulnerability. Attackers can send specially crafted requests to change device parameters without providing valid credentials. Affected firmware versions are FW03 and earlier on 750-362, 750-363, 750-823, 750-832/xxx-xxx, 750-862, 750-890/0xx-xxx, and 750-891 models.

What this means
What could happen
An attacker on your network can bypass authentication on WAGO PLCs and modify critical parameters without credentials, potentially disrupting production processes or compromising system behavior.
Who's at risk
Manufacturing sites using WAGO 750-series programmable logic controllers (PLCs), particularly the 750-36X and 750-8XX models, which are common in process automation, packaging, conveyor control, and facility management systems.
How it could be exploited
An attacker sends specially crafted HTTP/HTTPS requests to the Web-Based Management interface (ports 80 or 443) on a vulnerable PLC. The authentication check is bypassed, allowing the attacker to change configuration parameters that control process logic, setpoints, or system settings.
Prerequisites
  • Network access to the PLC on port 80 or 443
  • No credentials required
  • Device must be running firmware version FW03 or earlier
Remotely exploitable | No authentication required | Low complexity exploitation | High CVSS score (9.1) | Affects control system logic and operations
Affected products (7)
7 with fix
Product | Affected Versions | Fix Status
750-362 | ≤ FW03 | > FW03
750-363 | ≤ FW03 | > FW03
750-823 | ≤ FW03 | > FW03
750-832/xxx-xxx | ≤ FW03 | > FW03
750-862 | ≤ FW03 | > FW03
750-890/0xx-xxx | ≤ FW03 | > FW03
750-891 | ≤ FW03 | > FW03
Remediation & Mitigation
Do now
  • WORKAROUND: Disable Web-Based Management ports 80 and 443 on PLCs after configuration and commissioning are complete
  • HARDENING: Restrict network access to the PLC using firewall rules; only allow engineering workstations or IT management systems to reach the device
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update all WAGO 750-36X and 750-8XX controllers to a firmware version later than FW03
  • HARDENING: Disable unused TCP and UDP ports on the PLC
Long-term hardening
  • HARDENING: Do not connect the PLC directly to the internet or expose it to untrusted networks
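
An added example, not part of the advisory or of any WAGO tooling: a Python check that applies the affected-products table and the port 80/443 workaround to an asset inventory. The inventory schema, the reading of each 'x' as one alphanumeric character, and the choice to treat a bare base number (no suffix) as affected are assumptions.

```python
import re

# Affected models copied from the advisory table.
AFFECTED_MODELS = ["750-362", "750-363", "750-823", "750-832/xxx-xxx",
                   "750-862", "750-890/0xx-xxx", "750-891"]
LAST_AFFECTED_FW = 3      # FW03 and earlier are affected
WBM_PORTS = {80, 443}     # Web-Based Management ports named in the advisory

def _model_regex(pattern):
    # Assumption: each 'x' in a suffix is one alphanumeric character, and the
    # bare base number (no suffix) is also flagged, to err on the safe side.
    base, _, suffix = pattern.partition("/")
    rx = re.escape(base)
    if suffix:
        body = "".join("[0-9A-Za-z]" if c == "x" else re.escape(c) for c in suffix)
        rx += "(?:/" + body + ")?"
    return re.compile(rx)

_MODEL_RES = [_model_regex(p) for p in AFFECTED_MODELS]

def fw_number(fw):
    # Assumed inventory format: "FW03", "fw 3", "FW10" -> 3, 3, 10; else None.
    m = re.fullmatch(r"\s*FW\s*(\d+)\s*", fw, re.IGNORECASE)
    return int(m.group(1)) if m else None

def assess(device):
    """Return (status, actions) for one inventory record (hypothetical schema)."""
    if not any(r.fullmatch(device["model"].strip()) for r in _MODEL_RES):
        return "not_listed", []
    fw = fw_number(device.get("firmware", ""))
    if fw is None:
        return "unknown_firmware", ["verify the firmware version on the device"]
    if fw > LAST_AFFECTED_FW:
        return "fixed", []
    actions = ["update firmware to a version later than FW03"]
    exposed = sorted(WBM_PORTS & set(device.get("open_ports", [])))
    if exposed:
        actions.append("disable or firewall WBM port(s) " + ", ".join(map(str, exposed)))
    return "vulnerable", actions

# Constructed sample inventory, not real devices.
INVENTORY = [
    {"host": "plc-a", "model": "750-891", "firmware": "FW03", "open_ports": [80, 443, 502]},
    {"host": "plc-b", "model": "750-890/025-000", "firmware": "FW02", "open_ports": [502]},
    {"host": "plc-c", "model": "750-362", "firmware": "FW04", "open_ports": [80]},
]
REPORT = {d["host"]: assess(d) for d in INVENTORY}
```

Records with a firmware string the parser cannot read are reported as unknown_firmware rather than silently passed, so they still get a manual check.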