WAGO: Vulnerabilities in WAGO Device Manager
Monitor6.5VDE-2025-018Jun 16, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
Vulnerabilities in the WAGO Device Manager (included in device firmware) allow unauthenticated attackers to access the embedded web server and read files from the device file system. The Device Manager lacks proper origin validation and authentication checks on an endpoint that provides file system read access. This affects multiple WAGO automation controller and panel models across firmware versions below 04.07.01 and 03.10.11.
What this means
What could happen
An attacker could read files from the device's file system or make requests that the device processes, potentially exposing configuration data, credentials, or operational parameters that control your automation equipment.
Who's at risk
Water and wastewater treatment facilities, electric utilities, and manufacturing plants using WAGO PLC and controller products for automation and process control should care about this vulnerability. Affected devices include WAGO CC100, PFC100 G1/G2, PFC200 G1/G2, TP600 touchpanel controllers, and Edge Controller units used for local process control and device management.
How it could be exploited
An attacker on the network sends a crafted web request to the WAGO Device Manager interface (port 80/443). Because the manager lacks proper origin and authentication checks, the request is processed. The attacker can then read files from the device file system or inject custom header values into server responses, potentially extracting sensitive configuration or operational data.
Prerequisites
- Network access to the WAGO device on the port running Device Manager (typically 80 or 443)
- No authentication required
- User interaction not required for file system read attacks
remotely exploitableno authentication requiredlow complexityfile system access possiblemost models have no fix available
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (22)
2 with fix20 EOL
ProductAffected VersionsFix Status
PFC100 G1 0750-810x/xxxx-xxxx<03.10.1103.10.11
PFC200 G1 750-820x-xxx-xxx<03.10.1103.10.11
CC100 0751-9x01<04.07.01No fix (EOL)
CC100 0751-9x01<04.07.01 (70)No fix (EOL)
PFC100 G2 0750-811x-xxxx-xxxx<04.07.01No fix (EOL)
Remediation & Mitigation
0/6
Do now
0/2WORKAROUNDRestrict network access to the WAGO Device Manager interface (port 80/443) to authorized engineering workstations and management networks only using firewall rules or network segmentation
WORKAROUNDDisable remote management features on WAGO devices if not actively required for operations
Schedule — requires maintenance window
0/3Patching may require device reboot — plan for process interruption
HOTFIXUpdate PFC100 G1 (0750-810x/xxxx-xxxx) to firmware version 03.10.11 or later
HOTFIXUpdate PFC200 G1 (750-820x-xxx-xxx) to firmware version 03.10.11 or later
HOTFIXContact WAGO support for custom firmware updates for CC100, PFC100 G2, PFC200 G2, TP600, and Edge Controller models currently without vendor fixes
Mitigations - no patch available
0/1The following products have reached End of Life with no planned fix: CC100 0751-9x01, CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x/8000-000x, TP600 0762-420x/8000-000x, TP600 0762-430x/8000-000x, TP600 0762-430x/8000-000x, TP600 0762-520x/8000-000x, TP600 0762-520x/8000-000x, TP600 0762-530x/8000-000x, TP600 0762-530x/8000-000x, TP600 0762-620x/8000-000x, TP600 0762-630x/8000-000x, TP600 0762-630x/8000-000x, Edge Controller 0752-8303/8000-0002, Edge Controller 0752-8303/8000-0002, TP600 0762-620x/8000-000x. Apply the following compensating controls:
HARDENINGImplement network segmentation to isolate WAGO devices on a management VLAN separate from production networks and untrusted systems
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/17e9ce4d-46ab-4e0c-9cbc-a557d4ec1caf