Platform: other
Component: wago-plc
Fixed in: 4.5.11, 3.10.11, 26.0.1, 0.0.1
CVE-2024-1490 describes a remote code execution (RCE) vulnerability affecting WAGO Programmable Logic Controllers (PLCs). An authenticated attacker with high privileges can exploit a flaw in the OpenVPN configuration accessible through the web-based management interface. This allows the execution of arbitrary shell commands on the device, potentially leading to complete system compromise, impacting versions 0.0.0 through FW 26. No official patch is currently available.
CVE-2024-1490 affects WAGO CC100 PLCs (0751-9x01 series) that use OpenVPN through their web-based management interface. An authenticated remote attacker with high privileges can exploit the OpenVPN configuration to execute arbitrary shell commands on the device. This is possible if user-defined scripts are permitted, because OpenVPN may then allow the execution of arbitrary shell commands. The CVSS severity is 7.2, indicating a high risk. Successful command execution could allow the attacker to gain control of the PLC, access sensitive data, or disrupt system operations.
The vulnerability is exploited through the web management interface of the WAGO CC100 PLC. An attacker needs to possess user credentials with elevated privileges to access the OpenVPN configuration. If script execution is enabled, the attacker can inject malicious commands into the OpenVPN configuration that will be executed as shell commands on the PLC. The lack of input validation in the OpenVPN configuration is the root cause of the vulnerability. Successful exploitation requires network access to the PLC.
EPSS: 0.10% (27th percentile)
Currently, there is no official fix provided by WAGO for this vulnerability. The primary mitigation is to disable user-defined script execution within the PLC’s web management interface. Additionally, review and harden the OpenVPN configuration, restricting permissions and carefully validating any user input. Monitoring network activity and system logs can help detect exploitation attempts. Keeping the PLC software updated with the latest versions (once WAGO releases a fix) is crucial for addressing future vulnerabilities.
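One way to carry out the configuration review described above, as an added example (not WAGO's code and not from the original page): a small Python audit that parses an OpenVPN configuration and reports the `script-security` level and any script-hook or `plugin` directives. The sample configurations and the hook path are constructed; the directive names are standard OpenVPN options.

```python
import shlex

# OpenVPN options whose argument is run as a command or loaded as code.
SCRIPT_HOOKS = {
    "up", "down", "ipchange", "route-up", "route-pre-down", "tls-verify",
    "auth-user-pass-verify", "client-connect", "client-disconnect",
    "learn-address", "plugin",
}

def audit_openvpn_config(text):
    """Return (script_security_level, [(lineno, option, argument), ...])."""
    level, findings, inline_end = 1, [], None   # 1 is OpenVPN's default level
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline_end:                          # inside <ca>...</ca> etc.: key material
            if line == inline_end:
                inline_end = None
            continue
        if not line or line[0] in "#;":         # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">") and line[1] != "/":
            inline_end = "</" + line[1:]
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:                      # unbalanced quote: inspect anyway
            tokens = line.split()
        if not tokens:
            continue
        option, args = tokens[0].lstrip("-"), tokens[1:]
        if option == "script-security" and args and args[0].isdigit():
            level = int(args[0])
        elif option in SCRIPT_HOOKS:
            findings.append((lineno, option, " ".join(args)))
    return level, findings

def needs_review(text):
    """True if user-defined scripts are allowed (level >= 2) or a hook is set."""
    level, findings = audit_openvpn_config(text)
    return level >= 2 or bool(findings)

# Constructed sample configurations (not taken from a WAGO device).
HARDENED = "client\ndev tun\nscript-security 1\n<ca>\nup inside-inline-block\n</ca>\n"
SUSPICIOUS = 'client\ndev tun\n; who added this?\nscript-security 2\nup "/etc/openvpn/hook.sh arg"\n'

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("suspicious", SUSPICIOUS)):
        print(name, needs_review(cfg), audit_openvpn_config(cfg))
```

A `plugin` line is flagged regardless of the `script-security` level, since that setting governs external scripts and not loaded modules.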
Update the firmware of your WAGO PLC to a patched version. Consult WAGO documentation or their website for specific instructions on how to update the firmware and verify affected and patched versions.
PLC stands for 'Programmable Logic Controller'. It's a specialized computer used to automate industrial processes.
If you use a WAGO CC100 PLC with OpenVPN and script execution enabled, it is highly recommended to disable script execution until WAGO releases a fix.
The method for disabling script execution depends on the PLC firmware version. Refer to WAGO documentation for specific instructions.
An attacker could access configuration data, industrial process data, and potentially other systems connected to the network through the PLC.
Monitoring system logs and network activity for suspicious commands or unauthorized access can help detect exploitation.