WAGO: Multiple Vulnerabilities in CODESYS components

Plan Patch | CVSS 7.5 | VDE-2025-062 | Nov 3, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple CODESYS vulnerabilities in WAGO firmware allow unauthenticated remote attackers to read sensitive data from the runtime, visualization components, and OPC UA server. Affected devices include CC100, PFC100 (G1 and G2), PFC200 (G1 and G2), TP600, Edge Controller, and Basic Controller. Only PFC100 G1, PFC200 G1, and Basic Controller have vendor patches available. Remaining models have no fix planned.

What this means
What could happen
An attacker on the network could read sensitive data from WAGO controllers and their visualizations without authentication, potentially exposing process values, credentials, or configuration details. Some affected models have no available patch, leaving them permanently vulnerable.
Who's at risk
Water utilities, electric utilities, and manufacturers using WAGO PLC controllers (CC100, PFC100/G2, PFC200/G2, TP600, Edge Controller, Basic Controller) running CODESYS runtime or OPC UA servers for process control and visualization. Operators of any industrial process relying on these controllers for automation and monitoring.
How it could be exploited
An attacker can send network requests to the CODESYS runtime or OPC UA server on the affected WAGO device to access data or bypass path restrictions. No credentials or special complexity required—the vulnerability is remotely exploitable from any network-connected machine.
Prerequisites
  • Network access to the WAGO device on the network segment where it operates
  • Device running affected firmware version
  • CODESYS runtime or OPC UA server active on the device
Risk factors
  • remotely exploitable
  • no authentication required
  • low complexity
  • no patch available for majority of affected models
  • affects core runtime and OPC UA server
  • data disclosure risk
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (23)
3 with fix, 20 EOL
Product | Affected Versions | Fix Status
PFC100 G1 0750-810x/xxxx-xxxx | <03.10.11 | 03.10.11
PFC200 G1 750-820x-xxx-xxx | <03.10.11 | 03.10.11
CC100 0751-9x01 | <04.08.01 | No fix (EOL)
CC100 0751-9x01 | <04.08.01 (70) | No fix (EOL)
PFC100 G2 0750-811x-xxxx-xxxx | <04.08.01 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: For CC100, PFC100 G2, PFC200 G2, TP600, and Edge Controller models with no vendor fix: contact WAGO support for custom firmware or workaround options
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update PFC100 G1 (0750-810x/xxxx-xxxx) to firmware version 03.10.11 or later
HOTFIX: Update PFC200 G1 (750-820x-xxx-xxx) to firmware version 03.10.11 or later
HOTFIX: Update Basic Controller (0750-800x) to firmware version 01.05.01 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: CC100 0751-9x01, CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x/8000-000x, TP600 0762-420x/8000-000x, TP600 0762-430x/8000-000x, TP600 0762-430x/8000-000x, TP600 0762-520x/8000-000x, TP600 0762-520x/8000-000x, TP600 0762-530x/8000-000x, TP600 0762-530x/8000-000x, TP600 0762-620x/8000-000x, TP600 0762-620x/8000-000x, TP600 0762-630x/8000-000x, TP600 0762-630x/8000-000x, Edge Controller 0752-8303/8000-0002, Edge Controller 0752-8303/8000-0002. Apply the following compensating controls:
HARDENING: Restrict network access to WAGO devices using a firewall or network segmentation to allow only authorized engineering workstations and SCADA systems to communicate with them
HARDENING: Disable OPC UA server on WAGO devices if not in use
WAGO: Multiple Vulnerabilities in CODESYS components | CVSS 7.5 - OTPulse