



2020-06-10 10:00 (CEST)

Last update

2020-06-26 14:09 (CEST)




The following products are affected by the listed vulnerabilities:

  • Series PFC100 (750-81xx/xxx-xxx)
  • Series PFC200 (750-82xx/xxx-xxx)
  • 762-4xxx Wago Touch Panel 600 Standard Line
  • 762-5xxx Wago Touch Panel 600 Advanced Line
  • 762-6xxx Wago Touch Panel 600 Marine Line

All FW versions are affected.


The Web-Based Management (WBM) of WAGO's programmable logic controllers (PLCs) is typically used for administration, commissioning and updates.

An attacker needs an authorized login with administrative privileges on the device in order to exploit the herein mentioned vulnerability.

An authenticated attacker who has access to the Web-Based Management (WBM) could use the software upload functionality to install a software package with root privileges. This could potentially be used to manipulate the device or to take control of it.

Vuln. Type

Improper Privilege Management (CWE-269)


An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can result in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.


Based on the described issue, an authenticated attacker is able to install software packages with extended rights. This is an intended functionality to provide the user with a convenient way to install software on the device.


In previous versions of the WAGO product manuals, a distinction was made between the WBM and the Linux system. This information was misleading, and WAGO has corrected it in the current versions of the manuals, which are expected to be updated in June 2020.

 Valid from FW version 03.04.10(16) / chapter


  • Use strong passwords for administrative accounts on the device.
  • Follow the instructions in WAGO's handbook Cyber Security for Controller.
  • Restrict network access to the device.
  • Do not directly connect the device to the internet.

Reported by

These vulnerabilities were reported by Kelly Leuschner of Cisco Talos to WAGO.
Coordination done by CERT@VDE.