WAGO: Vulnerabilities in ctrlX OS app
Action: Plan Patch
CVSS score: 8.8
Advisory ID: VDE-2025-040
Date: Jun 16, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities exist in the WAGO ctrlX OS Device Admin and Solutions applications affecting WAGO Hardware Edge Controller 0752-8303_8000-0002. These vulnerabilities relate to improper input validation, privilege escalation, path traversal, and information disclosure (CWE-78, CWE-916, CWE-23, CWE-204). A low-privileged authenticated attacker could execute arbitrary OS commands with elevated privileges, potentially achieving full compromise of the controller and disruption of connected industrial processes.
What this means
What could happen
A low-privileged authenticated attacker could execute arbitrary OS commands on WAGO Hardware Edge Controllers with elevated privileges, potentially disrupting industrial processes, modifying setpoints, or accessing sensitive configuration data.
Who's at risk
Water authorities and municipal electric utilities operating WAGO Hardware Edge Controllers (model 0752-8303_8000-0002) for process automation, SCADA integration, or edge computing should prioritize patching. Any facility using these controllers for critical process control, data acquisition, or remote device management is at risk.
How it could be exploited
An attacker with valid low-privileged credentials logs into the ctrlX OS Device Admin or Solutions interface and exploits input validation or privilege escalation vulnerabilities (CWE-78, CWE-916) to run arbitrary commands with higher privileges on the controller.
Prerequisites
- Valid low-privileged user credentials for the ctrlX OS interface
- Network access to the WAGO Hardware Edge Controller management port/interface
- ctrlX OS Device Admin or Solutions application accessible on the device
Tags:
- remotely exploitable
- authentication required but low-privileged
- low complexity attack
- high CVSS score (8.8)
- affects process control systems
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
WAGO Hardware Edge Controller 0752-8303_8000-0002 | < 2.6.1 | Fix available
WAGO Hardware Edge Controller 0752-8303_8000-0002 | < 2.6.9 | Fix available
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the ctrlX OS management interface to trusted engineering workstations only, using firewall rules
- HARDENING: Disable or remove low-privileged user accounts that are not actively needed for normal operations
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption
- HOTFIX: Update WAGO Hardware Edge Controller Device Admin to version 2.6.9 or later
- HOTFIX: Update WAGO Hardware Edge Controller Solutions to version 2.6.1 or later
CVEs (15)