Tens of vulnerabilities discovered by Cisco Talos researchers in WAGO products expose some of the company’s controllers and human-machine interface (HMI) panels to remote attacks.
Talos and Germany’s VDE CERT this week published advisories describing roughly 30 vulnerabilities identified in devices made by WAGO, a German company specializing in electrical connection and automation solutions.
The security holes impact PFC100 and PFC200 programmable logic controllers (PLCs) and Touch Panel 600 HMI panels.
Specifically, some of the flaws impact the e!COCKPIT engineering software, which can be integrated with the PFC100 and PFC200 PLCs. Others impact the Web-Based Management (WBM) application used for commissioning and updating PLCs. Vulnerabilities have also been found in the cloud connectivity feature of the affected controllers, and their I/O Check functionality, which is used during installation and commissioning.
The vulnerabilities can be exploited for arbitrary code execution, command injection, DoS attacks, and information disclosure. While exploiting some of the flaws requires authentication, some of the weaknesses can allow an attacker to obtain user credentials.
Craig Williams, director of the Talos outreach team, told SecurityWeek that some of the vulnerabilities can be chained, which can lead to more severe issues. Moreover, he says, attacks exploiting these vulnerabilities can be launched directly from the internet.
Chaining some of the vulnerabilities can allow an attacker to take complete control of a targeted device, and once that happens an attacker can do whatever they choose. “The limit would simply be the attacker’s creativity,” Williams said.
WAGO has released patches for a few of the vulnerabilities and many of the flaws are expected to be fixed with a firmware update scheduled for the second quarter of 2020. However, the vendor has provided mitigation advice for all the vulnerabilities.
This is not the first time Cisco has found vulnerabilities in WAGO products. In December, the company disclosed several critical flaws identified in WAGO controllers.