Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to change settings, delete the application, run remote code, cause a system crash, cause a denial-of-service condition, revert to factory settings, and overwrite MAC addresses.
CVEs (9)
Remediations
WAGO recommends updating to the latest firmware, FW 15 or above.
WAGO has identified the following specific workarounds and mitigations users can apply to reduce the risk:
- The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations.
- It is highly recommended to disable IP Port 6626 after commissioning.
- Disable unused TCP/UDP-ports.
- Restrict network access to the device.
- Do not directly connect the device to the Internet.
Affected Vendors
WAGO
Affected Products (4)
- WAGO · Series PFC200: 750-82xx/xxx-xxx
- WAGO · I/O-CHECK Series PFC100 and Series PFC200: 750-823 | 750-832/xxx-xxx | 750-862 | 750-890/xxx-xxx | 750-891
- WAGO · Series PFC100: 750-81xx/xxx-xxx
- WAGO · I/O-CHECK Series PFC100 and Series PFC200: 750-852 | 750-831/xxx-xxx | 750-881 | 750-880/xxx-xxx | 750-889
Affected Sectors
Commercial Facilities, Energy, Manufacturing, Transportation Systems