VDE-2025-008

Vulnerability from csaf_wagogmbhcokg - Published: 2025-02-04 11:00 - Updated: 2025-05-14 13:00
Summary
WAGO: Vulnerabilities in CODESYS Control
Notes
Summary: The following firmware versions installed on several devices are vulnerable due to a vulnerability in CODESYS Control.
Impact: The CODESYS Control runtime system allows devices to function as programmable industrial controllers, accessing IOs, communication interfaces, and system functions. An authenticated attacker could exploit a vulnerability to inject OS shell function calls via the SysFile or CAA file system libraries.
Remediation: Update to Firmware version 27, Firmware 22 Patch 2. For the latest Custom Firmware version, please contact WAGO support.
Mitigation: The vulnerability is only exploitable if an attacker has successfully logged in with the corresponding user rights. To prevent attackers from exploiting the vulnerability, it is recommended to change the standard password in the web-based management.

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Affected products
Acknowledgments
CERT@VDE certvde.com

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The following firmware versions installed on several devices are are vulnerable due to a vulnerability in CODESYS Control.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The CODESYS Control runtime system allows devices to function as programmable industrial controllers, accessing IOs, communication interfaces, and system functions. An authenticated attacker could exploit a vulnerability to inject OS shell function calls via the SysFile or CAA file system libraries.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Update to Firmware version 27, Firmware 22 Patch 2. For the latest Custom Firmware version please contact the WAGO support.",
        "title": "Remediation"
      },
      {
        "category": "description",
        "text": "The vulnerability is only exploitable if the an attacker has successfully logged in with according user rights. To prevent attackers from exploiting the vulnerability it is recommend to change the standard password in the web based management.",
        "title": "Mitigation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO",
        "url": "https://certvde.com/de/advisories/vendor/wago/"
      },
      {
        "category": "self",
        "summary": "VDE-2025-008: WAGO: Vulnerabilities in CODESYS Control - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2025-008"
      },
      {
        "category": "self",
        "summary": "VDE-2025-008: WAGO: Vulnerabilities in CODESYS Control - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-008.json"
      }
    ],
    "title": "WAGO: Vulnerabilities in CODESYS Control",
    "tracking": {
      "aliases": [
        "VDE-2025-008"
      ],
      "current_release_date": "2025-05-14T13:00:15.000Z",
      "generator": {
        "date": "2025-02-19T13:28:48.676Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.18"
        }
      },
      "id": "VDE-2025-008",
      "initial_release_date": "2025-02-04T11:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-02-04T11:00:00.000Z",
          "number": "1",
          "summary": "Initial release."
        },
        {
          "date": "2025-02-19T13:30:00.000Z",
          "number": "2",
          "summary": "Update: fixed typo in Vendor fix, fixed version"
        },
        {
          "date": "2025-05-14T13:00:15.000Z",
          "number": "3",
          "summary": "Fix: added distribution"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0751/9x01",
                    "product": {
                      "name": "WAGO CC100 0751/9x01",
                      "product_id": "CSAFPID-11001",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0751-9?01"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "CC100"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0750-810x/xxxx-xxxx",
                    "product": {
                      "name": "WAGO PFC100 G1 0750-810x/xxxx-xxxx",
                      "product_id": "CSAFPID-11002",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0750-810?/????-????"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "PFC100 G1"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0750-811x/xxxx-xxxx",
                    "product": {
                      "name": "WAGO PFC100 G2 0750-811x/xxxx-xxxx",
                      "product_id": "CSAFPID-11003",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0750-811?-????-????"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "PFC100 G2"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0750-820x/xxx-xxx",
                    "product": {
                      "name": "WAGO PFC200 G1 0750-820x/xxx-xxx",
                      "product_id": "CSAFPID-11004",
                      "product_identification_helper": {
                        "model_numbers": [
                          " 750-820?-????-????"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "PFC200 G1"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0750-821x/xxx-xxx",
                    "product": {
                      "name": "WAGO PFC200 G2 0750-821x/xxx-xxx",
                      "product_id": "CSAFPID-11005",
                      "product_identification_helper": {
                        "model_numbers": [
                          "750-821?-????-????"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "PFC200 G2"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0762-420x/8000-000x",
                    "product": {
                      "name": "WAGO TP600 0762-420x/8000-000x",
                      "product_id": "CSAFPID-11006",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0762-420?/8000-000?"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0762-430x/8000-000x",
                    "product": {
                      "name": "WAGO TP600 0762-430x/8000-000x",
                      "product_id": "CSAFPID-11007",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0762-430?/8000-000?"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0762-520x/8000-000x",
                    "product": {
                      "name": "WAGO TP600 0762-520x/8000-000x",
                      "product_id": "CSAFPID-11008",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0762-520?/8000-000?"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0762-530x/8000-000x",
                    "product": {
                      "name": "WAGO TP600 0762-530x/8000-000x",
                      "product_id": "CSAFPID-11009",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0762-530?/8000-000?"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0762-620x/8000-000x",
                    "product": {
                      "name": "WAGO TP600 0762-620x/8000-000x",
                      "product_id": "CSAFPID-11010",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0762-620?/8000-000?"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0762-630x/8000-000x",
                    "product": {
                      "name": "WAGO TP600 0762-630x/8000-000x",
                      "product_id": "CSAFPID-11011",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0762-630?/8000-000?"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "TP600"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0752-8303/8000-0002",
                    "product": {
                      "name": "WAGO Edge Controller 0752-8303/8000-0002",
                      "product_id": "CSAFPID-11012",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0752-8303/8000-0002"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "Edge Controller"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c04.05.10",
                "product": {
                  "name": "WAGO Firmware \u003c04.05.10 (FW27)",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "04.05.10",
                "product": {
                  "name": "WAGO Firmware 04.05.10 (FW27)",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c03.10.11",
                "product": {
                  "name": "WAGO Firmware \u003c03.10.11 (FW22 Patch 2)",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version",
                "name": "03.10.11",
                "product": {
                  "name": "WAGO Firmware 03.10.11 (FW22 Patch 2)",
                  "product_id": "CSAFPID-22002"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c03.10.11(70)",
                "product": {
                  "name": "Custom Firmware \u003c03.10.11(70)",
                  "product_id": "CSAFPID-21003"
                }
              },
              {
                "category": "product_version",
                "name": "03.10.11 (70)",
                "product": {
                  "name": "Custom Firmware 03.10.11 (70)",
                  "product_id": "CSAFPID-22003"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c04.06.01(70)",
                "product": {
                  "name": "Custom Firmware \u003c04.06.01(70)",
                  "product_id": "CSAFPID-21004"
                }
              },
              {
                "category": "product_version",
                "name": "04.06.01 (70)",
                "product": {
                  "name": "Custom Firmware 04.06.01 (70)",
                  "product_id": "CSAFPID-22004"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c04.06.03(70)",
                "product": {
                  "name": "Custom Firmware \u003c04.06.03(70)",
                  "product_id": "CSAFPID-21005"
                }
              },
              {
                "category": "product_version",
                "name": "04.06.03 (70)",
                "product": {
                  "name": "Custom Firmware 04.06.03 (70)",
                  "product_id": "CSAFPID-22005"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c4.5.10 (FW27) installed on WAGO CC100 0751/9x01",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c3.10.11 (FW22 Patch 2) installed on WAGO PFC100 G1 0750-810x/xxxx-xxxx",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c4.5.10 (FW27) installed on WAGO PFC100 G2 0750-811x/xxxx-xxxx",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c3.10.11 (FW22 Patch 2) installed on WAGO PFC200 G1 0750-820x/xxx-xxx",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c4.5.10 (FW27) installed on WAGO PFC200 G2 0750-821x/xxx-xxx",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c4.5.10 (FW27) installed on WAGO TP600 0762-420x/8000-000x",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c4.5.10 (FW27) installed on WAGO TP600 0762-430x/8000-000x",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c4.5.10 (FW27) installed on WAGO TP600 0762-520x/8000-000x",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c4.5.10 (FW27) installed on WAGO TP600 0762-530x/8000-000x",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c4.5.10 (FW27) installed on WAGO TP600 0762-620x/8000-000x",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c4.5.10 (FW27) installed on WAGO TP600 0762-630x/8000-000x",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c4.5.10 (FW27) installed on WAGO Edge Controller 0752-8303/8000-0002",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 04.05.10 (FW27) installed on WAGO CC100 0751/9x01",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 3.10.11 (FW22 Patch 2) installed on WAGO PFC100 G1 0750-810x/xxxx-xxxx",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 4.5.10 (FW27) installed on WAGO PFC100 G2 0750-811x/xxxx-xxxx",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 3.10.11 (FW22 Patch 2) installed on WAGO PFC200 G1 0750-820x/xxx-xxx",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 4.5.10 (FW27) installed on WAGO PFC200 G2 0750-821x/xxx-xxx",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 4.5.10 (FW27) installed on WAGO TP600 0762-420x/8000-000x",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 4.5.10 (FW27) installed on WAGO TP600 0762-430x/8000-000x",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 4.5.10 (FW27) installed on WAGO TP600 0762-520x/8000-000x",
          "product_id": "CSAFPID-32008"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 4.5.10 (FW27) installed on WAGO TP600 0762-530x/8000-000x",
          "product_id": "CSAFPID-32009"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 4.5.10 (FW27) installed on WAGO TP600 0762-620x/8000-000x",
          "product_id": "CSAFPID-32010"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 4.5.10 (FW27) installed on WAGO TP600 0762-630x/8000-000x",
          "product_id": "CSAFPID-32011"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 4.5.10 (FW27) installed on WAGO Edge Controller 0752-8303/8000-0002",
          "product_id": "CSAFPID-32012"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.06.03(70) installed on WAGO CC100 0751/9x01",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21005",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c03.10.11(70) installed on WAGO PFC100 G1 0750-810x/xxxx-xxxx",
          "product_id": "CSAFPID-31014"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.06.01(70) installed on WAGO PFC100 G2 0750-811x/xxxx-xxxx",
          "product_id": "CSAFPID-31015"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c03.10.11(70) installed on WAGO PFC200 G1 0750-820x/xxx-xxx",
          "product_id": "CSAFPID-31016"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.06.01(70) installed on WAGO PFC200 G2 0750-821x/xxx-xxx",
          "product_id": "CSAFPID-31017"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.06.01(70) installed on WAGO TP600 0762-420x/8000-000x",
          "product_id": "CSAFPID-31018"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.06.01(70) installed on WAGO TP600 0762-430x/8000-000x",
          "product_id": "CSAFPID-31019"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.06.01(70) installed on WAGO TP600 0762-520x/8000-000x",
          "product_id": "CSAFPID-31020"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.06.01(70) installed on WAGO TP600 0762-530x/8000-000x",
          "product_id": "CSAFPID-31021"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.06.01(70) installed on WAGO TP600 0762-620x/8000-000x",
          "product_id": "CSAFPID-31022"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.06.01(70) installed on WAGO TP600 0762-630x/8000-000x",
          "product_id": "CSAFPID-31023"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.06.01(70) installed on WAGO Edge Controller 0752-8303/8000-0002",
          "product_id": "CSAFPID-31024"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.06.03 (70) installed on WAGO CC100 0751/9x01",
          "product_id": "CSAFPID-32013"
        },
        "product_reference": "CSAFPID-22005",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 03.10.11 (70) installed on WAGO PFC100 G1 0750-810x/xxxx-xxxx",
          "product_id": "CSAFPID-32014"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.06.01 (70) installed on WAGO PFC100 G2 0750-811x/xxxx-xxxx",
          "product_id": "CSAFPID-32015"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 03.10.11 (70) installed on WAGO PFC200 G1 0750-820x/xxx-xxx",
          "product_id": "CSAFPID-32016"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.06.01 (70) installed on WAGO PFC200 G2 0750-821x/xxx-xxx",
          "product_id": "CSAFPID-32017"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.06.01 (70) installed on WAGO TP600 0762-420x/8000-000x",
          "product_id": "CSAFPID-32018"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.06.01 (70) installed on WAGO TP600 0762-430x/8000-000x",
          "product_id": "CSAFPID-32019"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.06.01 (70) installed on WAGO TP600 0762-520x/8000-000x",
          "product_id": "CSAFPID-32020"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.06.01 (70) installed on WAGO TP600 0762-530x/8000-000x",
          "product_id": "CSAFPID-32021"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.06.01 (70) installed on WAGO TP600 0762-620x/8000-000x",
          "product_id": "CSAFPID-32022"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.06.01 (70) installed on WAGO TP600 0762-630x/8000-000x",
          "product_id": "CSAFPID-32023"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.06.01 (70) installed on WAGO Edge Controller 0752-8303/8000-0002",
          "product_id": "CSAFPID-32024"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11012"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-6357",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CODESYS Advisory 2023-11",
          "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18027\u0026token=43109051cf95d3445bc616e4efb8414336ebcc47\u0026download="
        },
        {
          "category": "self",
          "summary": "VDE-2025-008: Vulnerabilities in CODESYS Control",
          "url": "https://certvde.com/en/advisories/VDE-2025-008"
        }
      ],
      "remediations": [
        {
          "category": "workaround",
          "date": "2024-06-06T10:00:00.000Z",
          "details": "The vulnerability is only exploitable if the an attacker has successfully logged in with according user rights. To prevent attackers from exploiting the vulnerability it is recommend to change the standard password in the web based management.",
          "product_ids": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to Firmware version 27, Firmware 22 Patch 2. For the latest Custom Firmware version please contact the WAGO support.\n",
          "product_ids": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024"
          ]
        }
      ],
      "title": "CVE-2023-6357"
    }
  ]
}



Sightings

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

