CVE-2024-1490 PUBLISHED

Wago: Vulnerability in WBM through Open VPN

Assigner: CERTVDE
Reserved: 14.02.2024 Published: 09.04.2026 Updated: 09.04.2026

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.2

Product Status

Vendor WAGO
Product CC100 (0751-9x01)
Versions Default: unaffected
  • affected from 0.0.0 to 4.5.10 (incl.)
Vendor WAGO
Product PFC100 G1 (0750-810-xxxx-xxxx)
Versions Default: unaffected
  • affected from 0.0.0 to 3.10.10 (incl.)
Vendor WAGO
Product PFC100 G2 (0750-811x-xxxx-xxxx)
Versions Default: unaffected
  • affected from 0.0.0 to 4.5.10 (incl.)
Vendor WAGO
Product PFC200 G1 (750-820x-xxxx-xxxx)
Versions Default: unaffected
  • affected from 0.0.0 to 3.10.10 (incl.)
Vendor WAGO
Product PFC200 G2 (750-821x-xxxx-xxxx)
Versions Default: unaffected
  • affected from 0.0.0 to 4.5.10 (incl.)
Vendor WAGO
Product TP600 (0762-420x-8000-000x)
Versions Default: unaffected
  • affected from 0.0.0 to FW 26 (incl.)
Vendor WAGO
Product TP600 (0762-430x-8000-000x)
Versions Default: unaffected
  • affected from 0.0.0 to 4.5.10 (incl.)
Vendor WAGO
Product TP600 (0762-520x-8000-000x)
Versions Default: unaffected
  • affected from 0.0.0 to 4.5.10 (incl.)
Vendor WAGO
Product TP600 (0762-530x-8000-000x)
Versions Default: unaffected
  • affected from 0.0.0 to 4.5.10 (incl.)
Vendor WAGO
Product TP600 (0762-620x-8000-000x)
Versions Default: unaffected
  • Version 0.0.0 is affected
Vendor WAGO
Product TP600 (0762-630x-8000-000x)
Versions Default: unaffected
  • affected from 0.0.0 to 4.5.10 (incl.)
Vendor WAGO
Product Edge Controller (0752-8303-8000-0002)
Versions Default: unaffected
  • affected from 0.0.0 to 4.5.10 (incl.)
Vendor WAGO
Product WP400 (0762-340x)
Versions Default: unaffected
  • affected from 0.0.0 to 4.5.10 (incl.)

Credits

  • Jeroen Wijenbergh, Floris Hendriks from Radboud University reporter

References

Problem Types

  • CWE-94 Improper Control of Generation of Code ('Code Injection') CWE