VDE-2023-037 | CERT@VDE

2023-11-21 08:00 (CET) VDE-2023-037

WAGO: Remote Code execution vulnerability in managed Switches

Share: Email | Twitter

ID

VDE-2023-037

Published

2023-11-21 08:00 (CET)

Last update

2023-11-10 07:53 (CET)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
0852-0602	Industrial Managed Switch	< 1.0.6.S0
0852-0603	Industrial Managed Switch	< 1.0.6.S0
0852-1605	Industrial Managed Switch	< 1.2.5.S0

Summary

Affected products are vulnerable to remote code execution via command injection in the web-based management by an attacker.

CVE ID

CVE-2023-4149

Last Update:

22. September 2023 15:29

Severity

9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Summary

A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management.

Details

cert.vde.com

Impact

An unprivileged attacker can fully compromise the system and access all files.

Solution

Mitigation

Restrict network access to the device.
Do not directly connect the device to the internet.

Remediation

WAGO recommends all affected users of products 0852-0602, 0852-0603 to update to firmware version 1.0.6.S0 and all affected users of 852-1605 to update to firmware version 1.2.5.S0.

Reported by

The vulnerability was reported by INTILION AG and GAI NetConsult.
Coordination done by CERT@VDE.