



2024-03-13 09:30 (CET)

Last update

2024-03-13 09:31 (CET)


WAGO GmbH & Co. KG


| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 750-831/xxx-xxx | Controller BACnet/IP | <= FW13 |
| 750-829 | Controller BACnet MS/TP | <= FW13 |
| 750-88x/xxx-xxx | Ethernet Controller 3rd Generation | <= FW13 |
| 750-852 | Ethernet Controller 3rd Generation | <= FW13 |
| 750-352/xxx-xxx | Fieldbus Coupler Ethernet 3rd Generation | <= FW13 |


The Web-Based Management (WBM) of WAGO's programmable logic controllers (PLCs) is typically used for administration, commissioning, and updates.

The option to change the configuration data via tools or the web-based management enabled attackers to prepare cross-site scripting attacks and, under specific circumstances, perform remote code execution.


Last Update
Oct. 12, 2023, 3:32 p.m.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

An unauthenticated remote attacker could send specially crafted packets to an affected device. If an authenticated user then views that data in a specific page of the web-based management, a buffer overflow is triggered, which can be used to gain full access to the device.

Last Update
Oct. 12, 2023, 3:32 p.m.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

The configuration data page of the web-based management of affected devices has been vulnerable to stored XSS (Cross-Site Scripting) attacks. This leads to a limited impact on confidentiality and integrity but no impact on availability.


The web-based management of affected products is vulnerable to Reflective Cross-Site Scripting. This can be used to install malicious code and to gain access to confidential information on a system that connects to the WBM after it has been compromised.

Additionally, the affected products contain a buffer overflow vulnerability which enables attackers to remotely execute code, which could lead to compromise of data and execution of malicious code.



If not needed, you can deactivate the web-based management to prevent attacks (command line). Disable unused TCP/UDP-ports. Restrict network access to the device. Do not directly connect the device to the


A fix for the affected firmware will be provided with the following firmware versions:

  • > FW13 installed on 750-352/xxx-xxx
  • > FW13 installed on 750-88x/xxx-xxx
  • > FW13 installed on 750-852

No fix planned for products:

  • <= FW13 installed on 750-831/xxx-xxx
  • <= FW13 installed on 750-829
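
The affected-version table and the fix status above can be applied to an asset inventory to separate devices that can be updated from those that must rely on mitigations. This is an added example, not code from WAGO or CERT@VDE; it assumes each `x` in an article number stands for one digit and that the `/xxx-xxx` variant suffix is optional, and the device names and verdict labels are hypothetical.

```python
import re

# From this advisory: (article pattern, highest affected FW, fix planned in later FW)
ADVISORY = [
    ("750-831/xxx-xxx", 13, False),
    ("750-829", 13, False),
    ("750-88x/xxx-xxx", 13, True),
    ("750-852", 13, True),
    ("750-352/xxx-xxx", 13, True),
]

def _compile(pattern):
    # Assumption: each 'x' is one digit and the '/xxx-xxx' variant suffix is optional.
    def to_re(part):
        return "".join(r"\d" if ch == "x" else re.escape(ch) for ch in part)
    base, _, suffix = pattern.partition("/")
    tail = f"(?:/{to_re(suffix)})?" if suffix else ""
    return re.compile(f"{to_re(base)}{tail}")

RULES = [(_compile(p), max_fw, fix) for p, max_fw, fix in ADVISORY]

def parse_fw(text):
    # Accepts 'FW13', 'fw 13' or '13'; anything else is unknown (None).
    m = re.fullmatch(r"\s*(?:FW)?\s*(\d+)\s*", str(text), re.IGNORECASE)
    return int(m.group(1)) if m else None

def assess(article, firmware):
    """Return not-listed, unknown-firmware, outside-affected-range, update or no-fix."""
    for rx, max_fw, fix_planned in RULES:
        if not rx.fullmatch(article.strip()):
            continue
        fw = parse_fw(firmware)
        if fw is None:
            return "unknown-firmware"  # listed product: verify the version by hand
        if fw > max_fw:
            return "outside-affected-range"
        return "update" if fix_planned else "no-fix"
    return "not-listed"

# Constructed sample inventory (hypothetical device names).
INVENTORY = [
    ("plc-hall-1", "750-881", "FW13"),
    ("plc-hall-2", "750-880/025-000", "FW14"),
    ("bacnet-gw", "750-831/000-002", "fw 12"),
    ("coupler-7", "750-352", "n/a"),
]

def triage(inventory):
    return {name: assess(article, fw) for name, article, fw in inventory}
```

Devices that come back as `no-fix` or `unknown-firmware` are the ones to cover with the mitigations listed in this advisory until their state is confirmed.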

Reported by

The vulnerability was reported by Connor Ford from Nettitude.

Coordination done by CERT@VDE.