WAGO: Vulnerability in hardware switch circuit

Monitor6.5VDE-2025-083Sep 15, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A hardware design flaw in the Ethernet switch circuit affects WAGO Edge Controllers, Touch Panels TP600, and Compact Controllers CC100. The issue stems from an incorrect pull-up resistor at the reset input, causing premature activation and undefined operation of the switch. Proper operation requires a pull-down resistor configuration. Most affected devices can be remediated with firmware version 04.08.05 (FW30), though this firmware alone will not resolve the issue on older hardware revisions—both hardware and firmware updates are necessary. Two specific product variants (TP600 0762-4302/8000-0002 and TP600 0762-5204/8000-0001) do not have firmware fixes available and require hardware replacement.

What this means

What could happen

A hardware design flaw in the Ethernet switch circuit can cause these WAGO controllers and touch panels to malfunction or operate unpredictably, potentially disrupting communication with field devices and automation processes in your facility.

Who's at risk

WAGO Edge Controller 0752-8303/8000-0002 and Touch Panel TP600 series (models 0762-4101, 0762-4102, 0762-4103, 0762-4201, 0762-4301, 0762-4302, 0762-4303, 0762-4304, 0762-4305, 0762-4306, 0762-5201, 0762-5203, 0762-5204, 0762-5205, 0762-5206) and Compact Controller CC100 series (models 0751-9301, 0751-9401, 0751-9402, 0751-9403) used in water utilities, municipal electric systems, and manufacturing plants for automation and process control.

How it could be exploited

No active exploitation required. The vulnerability is a hardware design flaw in the Ethernet switch reset circuitry that causes undefined behavior during normal operation. An attacker does not need to exploit this; the devices can fail or behave erratically on their own due to the faulty pull-up resistor design.

Prerequisites

- Device must be running firmware version earlier than 04.08.05 - Device must be one of the affected WAGO Edge Controller, TP600, or CC100 hardware models listed - Physical or remote access to perform firmware update is required

Hardware design flaw in Ethernet switch circuitAffects critical control devices (PLCs, edge controllers, touch panels)Causes unpredictable operation and potential communication failuresTwo product variants have no fix available

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (24)

22 with fix2 pending

ProductAffected VersionsFix Status

Edge Controller 0752-8303/8000-0002 32500<04.08.0504.08.05

Hardware TP600 0762-4101 <072500<04.08.0504.08.05

Hardware TP600 0762-4102 <072500<04.08.0504.08.05

Hardware TP600 0762-4103 <062500<04.08.0504.08.05

Hardware TP600 0762-4201/8000-0001 <072500<04.08.0504.08.05

Remediation & Mitigation

0/2

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all affected Edge Controller and Touch Panel devices to firmware version 04.08.05 (FW30) or later

Long-term hardening

0/1

HARDENINGFor Hardware TP600 0762-4302/8000-0002 and Hardware TP600 0762-5204/8000-0001 (no patch available): plan replacement with newer hardware revision equipped with the corrected Ethernet switch circuit design

CVEs (1)

CVE-2025-41713

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d0334c51-d182-4c72-93e9-939e8ba57df1