Security Experts:

Tens of Vulnerabilities Expose WAGO Controllers, HMI Panels to Attacks

Tens of vulnerabilities discovered by Cisco Talos researchers in WAGO products expose some of the company’s controllers and human-machine interface (HMI) panels to remote attacks.

Talos and Germany’s VDE CERT this week published advisories describing roughly 30 vulnerabilities identified in devices made by WAGO, a German company specializing in electrical connection and automation solutions.WAGO PLC vulnerabilities

The security holes impact PFC100 and PFC200 programmable logic controllers (PLCs) and Touch Panel 600 HMI panels.

Specifically, some of the flaws impact the e!COCKPIT engineering software, which can be integrated with the PFC100 and PFC200 PLCs. Others impact the Web-Based Management (WBM) application used for commissioning and updating PLCs. Vulnerabilities have also been found in the cloud connectivity feature of the affected controllers, and their I/O Check functionality, which is used during installation and commissioning.

The vulnerabilities can be exploited for arbitrary code execution, command injection, DoS attacks, and information disclosure. While exploiting some of the flaws requires authentication, some of the weaknesses can allow an attacker to obtain user credentials.

Craig Williams, director of the Talos outreach team, told SecurityWeek that some of the vulnerabilities can be chained, which can lead to more severe issues. Moreover, he says, attacks exploiting these vulnerabilities can be launched directly from the internet.

Chaining some of the vulnerabilities can allow an attacker to take complete control of a targeted device, and once that happens an attacker can do whatever they choose. “The limit would simply be the attacker’s creativity,” Williams said.

Learn More About Vulnerabilities in Industrial Products at SecurityWeek’s 2020 ICS Cyber Security Conference 

WAGO has released patches for a few of the vulnerabilities and many of the flaws are expected to be fixed with a firmware update scheduled for the second quarter of 2020. However, the vendor has provided mitigation advice for all the vulnerabilities.

This is not the first time Cisco has found vulnerabilities in WAGO products. In December, the company disclosed several critical flaws identified in WAGO controllers.

Related: Critical Vulnerabilities Found in WAGO Industrial Switches

Related: Network DoS Attack on PLCs Can Disrupt Physical Processes

Related: Hackers Can Chain Multiple Flaws to Attack WAGO HMI Devices

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.