ICSA-19-164-02  ·  Published 2019-06-13

WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow a compromise of the managed switch, resulting in disruption of communication and root access to the operating system.

Remediations

  • WAGO recommends users update their managed switch to the latest firmware published June 7, 2019, or later. New firmware can be requested in the Runtime Software dropdown within the Downloads section at the links below:
      • 852-303: v1.2.2.S0 or later
      • 852-1305: v1.1.6.S0 or later
      • 852-1505: v1.1.5.S0 or later
  • Restrict network access to the switch.
  • Restrict network access to the SSH server.
  • Do not directly connect the device to the Internet.
  • For more information, CERT@VDE has released a security notification, which can be viewed at the following link: https://cert.vde.com/en-us/advisories/vde-2019-013

Affected Vendors

WAGO

Affected Products (3)

WAGO · Industrial Managed Switch 852-1305 < 1.1.6.S0
WAGO · Industrial Managed Switch 852-1505 < 1.1.5.S0
WAGO · Industrial Managed Switch 852-303 < 1.2.2.S0

Affected Sectors

Commercial Facilities
