Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Tens of Vulnerabilities Expose WAGO Controllers, HMI Panels to Attacks

Tens of vulnerabilities discovered by Cisco Talos researchers in WAGO products expose some of the company’s controllers and human-machine interface (HMI) panels to remote attacks.

Tens of vulnerabilities discovered by Cisco Talos researchers in WAGO products expose some of the company’s controllers and human-machine interface (HMI) panels to remote attacks.

Talos and Germany’s VDE CERT this week published advisories describing roughly 30 vulnerabilities identified in devices made by WAGO, a German company specializing in electrical connection and automation solutions.WAGO PLC vulnerabilities

The security holes impact PFC100 and PFC200 programmable logic controllers (PLCs) and Touch Panel 600 HMI panels.

Specifically, some of the flaws impact the e!COCKPIT engineering software, which can be integrated with the PFC100 and PFC200 PLCs. Others impact the Web-Based Management (WBM) application used for commissioning and updating PLCs. Vulnerabilities have also been found in the cloud connectivity feature of the affected controllers, and their I/O Check functionality, which is used during installation and commissioning.

The vulnerabilities can be exploited for arbitrary code execution, command injection, DoS attacks, and information disclosure. While exploiting some of the flaws requires authentication, some of the weaknesses can allow an attacker to obtain user credentials.

Craig Williams, director of the Talos outreach team, told SecurityWeek that some of the vulnerabilities can be chained, which can lead to more severe issues. Moreover, he says, attacks exploiting these vulnerabilities can be launched directly from the internet.

Chaining some of the vulnerabilities can allow an attacker to take complete control of a targeted device, and once that happens an attacker can do whatever they choose. “The limit would simply be the attacker’s creativity,” Williams said.

Learn More About Vulnerabilities in Industrial Products at SecurityWeek’s 2020 ICS Cyber Security Conference 

WAGO has released patches for a few of the vulnerabilities and many of the flaws are expected to be fixed with a firmware update scheduled for the second quarter of 2020. However, the vendor has provided mitigation advice for all the vulnerabilities.

This is not the first time Cisco has found vulnerabilities in WAGO products. In December, the company disclosed several critical flaws identified in WAGO controllers.

Related: Critical Vulnerabilities Found in WAGO Industrial Switches

Related: Network DoS Attack on PLCs Can Disrupt Physical Processes

Related: Hackers Can Chain Multiple Flaws to Attack WAGO HMI Devices

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.