Talos and Germany’s VDE CERT this week published advisories describing roughly 30 vulnerabilities identified in devices made by WAGO, a German company specializing in electrical connection and automation solutions.
The vulnerabilities affect PFC100 and PFC200 programmable logic controllers (PLCs) and Touch Panel 600 HMI panels, they can lead to arbitrary code execution, command injection, information disclosure, and could allow
Talos researchers reported that some vulnerabilities impact the e!COCKPIT engineering software, the Web-Based Management (WBM) application, the cloud connectivity of the controllers, and the I/O Check functionality.
Experts pointed out that attackers can chain some of the vulnerabilities to take complete control of the targeted
WAGO addressed only a few issues with the release of security patches, other flaws are expected to be fixed in the second quarter of 2020. The good news is that the company has provided mitigations for all the vulnerabilities.
In June 2019, a security researcher at consulting company SEC Consult
In December 2017, researchers at SEC Consult experts discovered that 17 models of WAGO PFC200 PLC were vulnerable to an unauthenticated remote access exploit.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.