
ID

VDE-2020-008

Published

2020-03-09 10:15 (CET)

Last update

2020-03-09 10:15 (CET)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
750-81xx/xxx-xxx (PFC100) >= FW11
750-82xx/xxx-xxx (PFC200) >= FW11
762-4xxx >= FW11
762-5xxx >= FW11
762-6xxx >= FW11

Summary

The Cloud Connectivity feature of WAGO PLCs connects the device to cloud services from different providers. It also supports maintenance through the firmware update function of the WAGO cloud.
An attacker needs an authorized login with administrative privileges on the device in order to exploit the mentioned vulnerabilities.

Vulnerabilities



Weakness
Improper Input Validation (CWE-20)
Summary

An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the ...

Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter ...

Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter ...

Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the ...

Impact

These vulnerabilities allow an attacker who has admin privileges, an Azure cloud account and access to the device to redirect the cloud connection. With this, the attacker is able to obtain sensitive data.

Solution

Mitigation

Follow the instructions in WAGO's handbook "Cyber Security for Controller".
Restrict network access to the device.
Do not directly connect the device to the internet.

Solution

Use strong passwords for all user accounts, especially for administrative user accounts on the device.

Reported by

These vulnerabilities were reported by Kelly Leuschner of Cisco Talos to WAGO.
Coordination done by CERT@VDE.