WAGO: Exposure of configuration interface in unmanaged switches
Priority: Act Now · Score: 9.1 · Advisory: VDE-2022-055 · Published: Feb 16, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
An undocumented configuration interface exists on WAGO unmanaged switches. The interface has limited functionality, but it can be reached remotely, without authentication, from any host that has network access to the switch. Exploitation discloses information about the switch and the surrounding network and can cause a denial-of-service condition on the device itself, which disrupts network connectivity to the control systems behind it.
What this means
What could happen
An attacker on the network can access a hidden configuration interface on WAGO unmanaged switches to perform reconnaissance and cause device unavailability, potentially disrupting network connectivity to critical control systems in your plant.
Who's at risk
Water and electric utility operators who use WAGO unmanaged switches in control networks, particularly those connecting PLCs, RTUs, and other industrial devices. These switches are commonly used in substation automation, SCADA systems, and process control networks.
How it could be exploited
An attacker with network access to the switch can reach the undocumented configuration interface without credentials. They can query the interface to discover network topology and device information, and may be able to cause a denial-of-service condition against the switch itself.
Prerequisites
- Network access to the WAGO unmanaged switch (same network segment or routed path)
- No credentials required
Tags: remotely exploitable · no authentication required · low complexity · high EPSS score · affects network availability
Affected products (1)
Product | Affected Versions | Fix Status
Unmanaged Switch | 01 | Fix available
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to WAGO unmanaged switches. Place them on a protected control network segment and use firewall rules to limit access to authorized engineering workstations only.
- HARDENING: Do not connect the device directly to the internet or to untrusted networks.
Schedule: requires a maintenance window
Patching may require a device reboot; plan for process interruption.
- HOTFIX: Contact WAGO support to obtain the firmware update that fixes the configuration interface exposure.
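As an added example, not taken from the advisory or from WAGO, the following nftables ruleset implements the first hardening item on a Linux firewall that sits between the plant network and the control segment holding the switches. It assumes the undocumented interface is reachable over IP, as the "routed path" prerequisite above suggests; the subnet, switch address, workstation addresses and interface names are invented for illustration. If the interface proves to be reachable only at layer 2 on the local segment, an IP firewall does not apply and the switches need a physically or VLAN-separated segment instead.

```nft
#!/usr/sbin/nft -f
# Added example, not part of the advisory. Every address and interface name
# below is an assumption:
#   eth0          plant / enterprise side of the firewall
#   eth1          control segment holding the WAGO switches, PLCs and RTUs
#   10.10.0.0/24  control segment
#   10.10.0.5     a WAGO unmanaged switch (assumed to be IP-reachable)
#   10.20.0.10-11 authorized engineering workstations

flush ruleset

table inet ctrl_fw {
    set wago_switches {
        type ipv4_addr
        elements = { 10.10.0.5 }
    }

    set eng_workstations {
        type ipv4_addr
        elements = { 10.20.0.10, 10.20.0.11 }
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies belonging to sessions the firewall already allowed.
        ct state established,related accept
        ct state invalid drop

        # The weak setting this replaces is a blanket pass between zones,
        # e.g.  iifname "eth0" oifname "eth1" accept
        # which exposes the undocumented interface to every plant host.

        # Only the engineering workstations may open connections to the switches.
        iifname "eth0" oifname "eth1" ip saddr @eng_workstations ip daddr @wago_switches ct state new log prefix "wago-eng-allow " accept

        # Any other host reaching for a switch is logged and dropped; the log
        # lines double as a reconnaissance indicator for the SOC.
        iifname "eth0" oifname "eth1" ip daddr @wago_switches log prefix "wago-blocked " drop

        # Plant-to-PLC/RTU traffic (SCADA polling) needs its own explicit allow
        # rules and is deliberately out of scope for this example.
    }
}
```

Load it with `nft -f <file>` and verify with `nft list ruleset`; then test from a non-authorized plant host that nothing addressed to the switch gets through, and check the kernel log for the `wago-blocked` prefix. Because the chain policy is `drop`, adding a new switch means adding its address to `wago_switches`, not loosening the rules.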
CVEs (1)