WAGO: Vulnerabilities in ctrlX OS app
Plan Patch · CVSS 8.8 · VDE-2025-040 · Jun 16, 2025
Vendors: WAGO · Bosch Rexroth
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
WAGO ctrlX OS Device Admin and Solutions apps contain multiple vulnerabilities (CWEs: 116, 644, 916, 770, 204, 23, 81, 1286, 78, 312) that allow a remote authenticated low-privilege user to execute arbitrary OS commands with elevated privileges. An attacker with valid credentials could escalate privileges and run commands on the Edge Controller, potentially compromising control logic and operational integrity.
What this means
What could happen
A low-privileged authenticated user could execute arbitrary operating system commands with elevated privileges on WAGO Edge Controllers, potentially allowing them to alter control logic, stop operations, or disrupt critical infrastructure processes.
Who's at risk
This advisory affects WAGO Hardware Edge Controllers (model 0752-8303_8000-0002) and potentially other WAGO ctrlX-based controllers used in industrial automation, manufacturing, smart grid control systems, and building automation. Any organization running the Device Admin or Solutions app on these devices should apply the fixes immediately.
How it could be exploited
An attacker with valid low-privilege user credentials (such as a contractor account or compromised employee credentials) could access the ctrlX OS web interface or API, upload or manipulate a payload through the Device Admin or Solutions app, and execute arbitrary OS commands that run with higher system privileges to compromise the controller.
Prerequisites
- Valid low-privilege user account with access to WAGO ctrlX OS Device Admin or Solutions app
- Network access to the Edge Controller management interface (typically HTTP/HTTPS on port 443 or similar)
- Edge Controller must be running a vulnerable version (Solutions <2.6.1 or Device Admin <2.6.9)
Tags: remotely exploitable · low complexity · high CVSS score (8.8) · affects native OT device · privilege escalation
Exploitability
Unlikely to be exploited — EPSS score 0.5%
Affected products (2)
2 with fix
Product                                              Affected versions   Fix status
WAGO Hardware Edge Controller 0752-8303_8000-0002    <2.6.1              Fix available
WAGO Hardware Edge Controller 0752-8303_8000-0002    <2.6.9              Fix available
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the ctrlX OS management interface (HTTP/HTTPS port) to trusted engineering workstations only using firewall rules
HARDENING: Review and remove or disable any unnecessary low-privilege user accounts; ensure all remaining accounts have strong passwords
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update WAGO Solutions app to version 2.6.1 or later
HOTFIX: Update WAGO Device Admin app to version 2.6.9 or later
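Checking an app inventory against the two fixed versions above, as an added example that is not part of the advisory or of WAGO's tooling; the app identifiers, the inventory format and the sample inventory are assumptions (constructed), and the only values taken from the advisory are the fixed versions 2.6.1 and 2.6.9:

```python
"""Flag ctrlX OS apps still below the fixed versions named in VDE-2025-040."""
import re
from typing import Dict, List, Tuple

# Fixed versions from the advisory: Solutions 2.6.1, Device Admin 2.6.9.
# The app identifiers are assumptions, not official WAGO package names.
FIXED_VERSIONS: Dict[str, str] = {
    "wago-solutions": "2.6.1",
    "wago-device-admin": "2.6.9",
}

# Constructed sample inventory: one "<app> <version>" pair per line, as it
# might be exported from a device's installed-app list.
SAMPLE_INVENTORY = """\
wago-solutions 2.5.3
wago-device-admin 2.6.10
rexroth-motion 1.20.4
"""

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.6.10' into (2, 6, 10) so comparison is numeric, not lexical
    (lexically '2.6.10' < '2.6.9', which would misclassify a patched app)."""
    nums = re.findall(r"\d+", v)
    if not nums:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(n) for n in nums)

def is_vulnerable(app: str, version: str) -> bool:
    """True if the app is one named in the advisory and older than its fix."""
    fixed = FIXED_VERSIONS.get(app)
    if fixed is None:
        return False  # not covered by this advisory
    return parse_version(version) < parse_version(fixed)

def find_vulnerable(inventory: str) -> List[Tuple[str, str, str]]:
    """Return (app, installed, required) for every app below its fixed version."""
    findings = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        app, ver = parts
        if is_vulnerable(app, ver):
            findings.append((app, ver, FIXED_VERSIONS[app]))
    return findings

if __name__ == "__main__":
    for app, ver, req in find_vulnerable(SAMPLE_INVENTORY):
        print(f"{app}: installed {ver}, update to {req} or later")
```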
CVEs (15)