VDE-2025-080
Vulnerability from csaf_wagogmbhcokg - Published: 2025-09-09 10:00 - Updated: 2025-09-09 10:00Summary
WAGO: Multiple Vulnerabilities in I/O-Check Service
Severity
Critical
Notes
Impact: The reported vulnerability enables a remote attacker to send arbitrary commands without authentication. This could result in changes to settings, application deletion, factory resets, code execution, system crashes or denial of service. By using specially crafted IP packets, the attacker can manipulate settings and disrupt the device's basic functions, potentially gaining control of the device.
Summary: A missing authentication vulnerability exists in the iocheckd service "I/O-Check" functionality. A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.
Mitigation: The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning.
An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.
9.1 (Critical)
Mitigation
The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning.
No Fix Planned
no fix planned
References
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "description",
"text": "The reported vulnerability enables a remote attacker to send arbitrary commands without authentication. This could result in changes to settings, application deletion, factory resets, code execution, system crashes or denial of service. By using specially crafted IP packets, the attacker can manipulate settings and disrupt the device\u0027s basic functions, potentially gaining control of the device.",
"title": "Impact"
},
{
"category": "summary",
"text": "A missing authentication vulnerability exists in the iocheckd service \"I/O-Check\" functionality. A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.",
"title": "Summary"
},
{
"category": "description",
"text": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning.",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "self",
"summary": "WAGO PSIRT",
"url": "https://www.wago.com/de-en/automation-technology/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO",
"url": "https://certvde.com/de/advisories/vendor/wago/"
},
{
"category": "self",
"summary": "VDE-2025-080: WAGO: Multiple Vulnerabilities in I/O-Check Service - HTML",
"url": "https://certvde.com/en/advisories/VDE-2025-080"
},
{
"category": "self",
"summary": "VDE-2025-080: WAGO: Multiple Vulnerabilities in I/O-Check Service - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-080.json"
}
],
"title": "WAGO: Multiple Vulnerabilities in I/O-Check Service",
"tracking": {
"aliases": [
"VDE-2025-080"
],
"current_release_date": "2025-09-09T10:00:00.000Z",
"generator": {
"date": "2025-09-08T09:22:17.616Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.32"
}
},
"id": "VDE-2025-080",
"initial_release_date": "2025-09-09T10:00:00.000Z",
"revision_history": [
{
"date": "2025-09-09T10:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "0751-9x01",
"product": {
"name": "CC100 0751-9x01",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"0751-9?01"
]
}
}
}
],
"category": "product_family",
"name": "CC100"
},
{
"branches": [
{
"category": "product_name",
"name": "0750-810x/xxxx-xxxx",
"product": {
"name": "PFC100 G1 0750-810x/xxxx-xxxx",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"0750-810?/????-????"
]
}
}
}
],
"category": "product_family",
"name": "PFC100 G1"
},
{
"branches": [
{
"category": "product_name",
"name": "0750-811x-xxxx-xxxx",
"product": {
"name": "PFC100 G2 0750-811x-xxxx-xxxx",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"0750-811?-????-????"
]
}
}
}
],
"category": "product_family",
"name": "PFC100 G2"
},
{
"branches": [
{
"category": "product_name",
"name": "750-820x-xxx-xxx",
"product": {
"name": "PFC200 G1 750-820x-xxx-xxx",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
" 750-820?-????-????"
]
}
}
}
],
"category": "product_family",
"name": "PFC200 G1"
},
{
"branches": [
{
"category": "product_name",
"name": "750-821x-xxx-xxx",
"product": {
"name": "PFC200 G2 750-821x-xxx-xxx",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"750-821?-????-????"
]
}
}
}
],
"category": "product_family",
"name": "PFC200 G2"
},
{
"branches": [
{
"category": "product_name",
"name": "0750-800x",
"product": {
"name": "Basic Controller 100 0750-800x",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"0750-800?"
]
}
}
}
],
"category": "product_family",
"name": "Basic Controller 100"
},
{
"branches": [
{
"category": "product_name",
"name": "0762-420x/8000-000x",
"product": {
"name": "TP600 0762-420x/8000-000x",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"0762-420?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "0762-430x/8000-000x",
"product": {
"name": "TP600 0762-430x/8000-000x",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"0762-430?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "0762-520x/8000-000x",
"product": {
"name": "TP600 0762-520x/8000-000x",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"0762-520?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "0762-530x/8000-000x",
"product": {
"name": "TP600 0762-530x/8000-000x",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"0762-530?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "0762-620x/8000-000x",
"product": {
"name": "TP600 0762-620x/8000-000x",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"0762-620?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "0762-630x/8000-000x",
"product": {
"name": "TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"0762-630?/8000-000?"
]
}
}
}
],
"category": "product_family",
"name": "TP600"
},
{
"branches": [
{
"category": "product_name",
"name": "0752-8303/8000-0002",
"product": {
"name": "Edge Controller 0752-8303/8000-0002",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"0752-8303/8000-0002"
]
}
}
}
],
"category": "product_family",
"name": "Edge Controller"
},
{
"branches": [
{
"category": "product_name",
"name": "0750-0331",
"product": {
"name": "Fieldbus Coupler 0750-0331 (discontinued))",
"product_id": "CSAFPID-11014"
}
},
{
"category": "product_name",
"name": "0750-0332",
"product": {
"name": "Fieldbus Coupler 0750-0331",
"product_id": "CSAFPID-11015"
}
},
{
"category": "product_name",
"name": "0750-0340",
"product": {
"name": "Fieldbus Coupler 0750-0340 (discontinued)",
"product_id": "CSAFPID-11016"
}
},
{
"category": "product_name",
"name": "0750-0341",
"product": {
"name": "Fieldbus Coupler 0750-0341 (discontinued)",
"product_id": "CSAFPID-11017"
}
},
{
"category": "product_name",
"name": "0750-0342",
"product": {
"name": "Fieldbus Coupler 0750-0342",
"product_id": "CSAFPID-11018"
}
},
{
"category": "product_name",
"name": "0750-0352",
"product": {
"name": "Fieldbus Coupler 0750-0352 (discontinued)",
"product_id": "CSAFPID-11019"
}
},
{
"category": "product_name",
"name": "0750-0362",
"product": {
"name": "Fieldbus Coupler 0750-0362",
"product_id": "CSAFPID-11020"
}
},
{
"category": "product_name",
"name": "0750-0363",
"product": {
"name": "Fieldbus Coupler 0750-0363",
"product_id": "CSAFPID-11021"
}
},
{
"category": "product_name",
"name": "0750-0370",
"product": {
"name": "Fieldbus Coupler 0750-0370 (discontinued)",
"product_id": "CSAFPID-11022"
}
},
{
"category": "product_name",
"name": "0750-0375",
"product": {
"name": "Fieldbus Coupler 0750-0375",
"product_id": "CSAFPID-11023"
}
},
{
"category": "product_name",
"name": "0750-0377",
"product": {
"name": "Fieldbus Coupler 0750-0377",
"product_id": "CSAFPID-11024"
}
}
],
"category": "product_family",
"name": "Fieldbus Coupler"
},
{
"branches": [
{
"category": "product_name",
"name": "0750-0823",
"product": {
"name": "Controller 0750-0823",
"product_id": "CSAFPID-11025"
}
},
{
"category": "product_name",
"name": "0750-0829",
"product": {
"name": "Controller 0750-0829",
"product_id": "CSAFPID-11026"
}
},
{
"category": "product_name",
"name": "0750-0831",
"product": {
"name": "Controller 0750-0831 (discontinued)",
"product_id": "CSAFPID-11027"
}
},
{
"category": "product_name",
"name": "0750-0842",
"product": {
"name": "Controller 0750-0842",
"product_id": "CSAFPID-11028"
}
},
{
"category": "product_name",
"name": "0750-0843",
"product": {
"name": "Controller 0750-0843",
"product_id": "CSAFPID-11029"
}
},
{
"category": "product_name",
"name": "0750-0852",
"product": {
"name": "Controller 0750-0852 (discontinued)",
"product_id": "CSAFPID-11030"
}
},
{
"category": "product_name",
"name": "0750-0860",
"product": {
"name": "Controller 0750-0860 (discontinued)",
"product_id": "CSAFPID-11031"
}
},
{
"category": "product_name",
"name": "0750-0862",
"product": {
"name": "Controller 0750-0862",
"product_id": "CSAFPID-11032"
}
},
{
"category": "product_name",
"name": "0750-0863",
"product": {
"name": "Controller 0750-0863 (discontinued)",
"product_id": "CSAFPID-11033"
}
},
{
"category": "product_name",
"name": "0750-0870",
"product": {
"name": "Controller 0750-0870 (discontinued)",
"product_id": "CSAFPID-11034"
}
},
{
"category": "product_name",
"name": "0750-0871",
"product": {
"name": "Controller 0750-0871 (discontinued)",
"product_id": "CSAFPID-11035"
}
},
{
"category": "product_name",
"name": "0750-0872",
"product": {
"name": "Controller 0750-0872 (discontinued)",
"product_id": "CSAFPID-11036"
}
},
{
"category": "product_name",
"name": "0750-0880",
"product": {
"name": "Controller 0750-0880 (discontinued)",
"product_id": "CSAFPID-11037"
}
},
{
"category": "product_name",
"name": "0750-0881",
"product": {
"name": "Controller 0750-0881 (discontinued)",
"product_id": "CSAFPID-11038"
}
},
{
"category": "product_name",
"name": "0750-0882",
"product": {
"name": "Controller 0750-0882 (discontinued)",
"product_id": "CSAFPID-11039"
}
},
{
"category": "product_name",
"name": "0750-0889",
"product": {
"name": "Controller 0750-0889",
"product_id": "CSAFPID-11040"
}
},
{
"category": "product_name",
"name": "0750-0890",
"product": {
"name": "Controller 0750-0890",
"product_id": "CSAFPID-11041"
}
},
{
"category": "product_name",
"name": "0750-0891",
"product": {
"name": "Controller 0750-0890",
"product_id": "CSAFPID-11042"
}
},
{
"category": "product_name",
"name": "0750-0893",
"product": {
"name": "Controller 0750-0893",
"product_id": "CSAFPID-11043"
}
}
],
"category": "product_family",
"name": "Controller"
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "WAGO Firmware vers:all/*",
"product_id": "CSAFPID-21001"
}
}
],
"category": "product_name",
"name": "Firmware"
}
],
"category": "vendor",
"name": "WAGO"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040",
"CSAFPID-31041",
"CSAFPID-31042",
"CSAFPID-31043"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on CC100 0751-9x01",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on PFC100 G1 0750-810x/xxxx-xxxx",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on PFC100 G2 0750-811x-xxxx-xxxx",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on PFC200 G1 750-820x-xxx-xxx",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on PFC200 G2 750-821x-xxx-xxx",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Basic Controller 100 0750-800x",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on TP600 0762-420x/8000-000x",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on TP600 0762-430x/8000-000x",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on TP600 0762-520x/8000-000x",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on TP600 0762-530x/8000-000x",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on TP600 0762-620x/8000-000x",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Edge Controller 0752-8303/8000-0002",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Fieldbus Coupler 0750-0331 (discontinued))",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Fieldbus Coupler 0750-0331",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Fieldbus Coupler 0750-0340 (discontinued)",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Fieldbus Coupler 0750-0341 (discontinued)",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Fieldbus Coupler 0750-0342",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Fieldbus Coupler 0750-0352 (discontinued)",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Fieldbus Coupler 0750-0362",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Fieldbus Coupler 0750-0363",
"product_id": "CSAFPID-31021"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Fieldbus Coupler 0750-0370 (discontinued)",
"product_id": "CSAFPID-31022"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Fieldbus Coupler 0750-0375",
"product_id": "CSAFPID-31023"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Fieldbus Coupler 0750-0377",
"product_id": "CSAFPID-31024"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0823",
"product_id": "CSAFPID-31025"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0829",
"product_id": "CSAFPID-31026"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0831 (discontinued)",
"product_id": "CSAFPID-31027"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0842",
"product_id": "CSAFPID-31028"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0843",
"product_id": "CSAFPID-31029"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0852 (discontinued)",
"product_id": "CSAFPID-31030"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0860 (discontinued)",
"product_id": "CSAFPID-31031"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0862",
"product_id": "CSAFPID-31032"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11032"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0863 (discontinued)",
"product_id": "CSAFPID-31033"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11033"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0870 (discontinued)",
"product_id": "CSAFPID-31034"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11034"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0871 (discontinued)",
"product_id": "CSAFPID-31035"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11035"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0872 (discontinued)",
"product_id": "CSAFPID-31036"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11036"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0880 (discontinued)",
"product_id": "CSAFPID-31037"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11037"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0881 (discontinued)",
"product_id": "CSAFPID-31038"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11038"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0882 (discontinued)",
"product_id": "CSAFPID-31039"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11039"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0889",
"product_id": "CSAFPID-31040"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11040"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0890",
"product_id": "CSAFPID-31041"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11041"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0890",
"product_id": "CSAFPID-31042"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11042"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware vers:all/* installed on Controller 0750-0893",
"product_id": "CSAFPID-31043"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11043"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-5080",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "description",
"text": "An exploitable denial-of-service vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038"
]
},
"references": [
{
"category": "self",
"summary": "VDE-2025-080: WAGO: Multiple Vulnerabilities in I/O-Check Service",
"url": "https://certvde.com/en/advisories/VDE-2025-080"
}
],
"remediations": [
{
"category": "mitigation",
"date": "2025-08-21T09:00:00.000Z",
"details": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "no_fix_planned",
"details": "no fix planned",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038"
]
}
],
"title": "CVE-2019-5080"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…