WAGO Controllers Vulnerable to Remote Command Execution

Several types of WAGO Controllers (I/O) have RCE vulnerabilities according to OneKey    got the info from CERT (Computer Emergency Response Team)

Here is the list from CERT:

Article No° Product Name Affected Version(s)
751-9301 Compact Controller CC100 FW20 <= FW22
751-9301 Compact Controller CC100 = FW23
752-8303/8000-002 Edge Controller = FW22
750-81xx/xxx-xxx PFC100 FW20 <= FW22
750-81xx/xxx-xxx PFC100 = FW23
750-82xx/xxx-xxx PFC200 FW20 <= FW22
750-82xx/xxx-xxx PFC200 = FW23
762-5xxx Touch Panel 600 Advanced Line = FW22
762-6xxx Touch Panel 600 Marine Line = FW22
762-4xxx Touch Panel 600 Standard Line = FW22

4th of May  the issue is “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) (CWE-78)

Thus all  devices that have an Operating System by this company (WAGO) are vulnerable to Remote Code Execution.


What is a PLC or Programmable Logic Controller? The PLC controls IO points (Input/Output) different types of electrical input or output. I.e. digital, or analog . And of course the PLC is connected to the network.

Here is a tutorial on PLC’s https://www.amci.com/industrial-automation-resources/plc-automation-tutorials/what-plc/

The whole idea of a PLC is to give some immediate function to certain IO points. These things make sense in a factory where stuff is being made or packaged or otherwise created/serviced.  One may want a fail safe electrical impulse thus the PLC is a special device that allows this to happen.

Thus PLC’s are used in industrial applications in factories.

So now we know that the PLC is susceptible to a computer attack what could happen to it? A Remote command execution means that one only needs to know the ip address of the device to attack and compromise it. In some factories changing settings could destroy merchandise or create safety hazards. Thus it behooves you to keep up on potential problems like these.

Update and patch your devices!!

In the above image I tried to convey how long things take (from the first moment when vulnerability is found until the moment it is patched.

Contact us and buy my book “Too Late You’re Hacked”

To patch or upgrade systems to keep high vulnerabilities out of your systems is very important.

If you want to learn more about the patch/upgrade cycle then buy my book. I go into it with more detail