Critical vulnerability in WAGO PFC200 controllers closed

US ICS-СERT has published an advisory on a critical vulnerability in WAGO PFC200 Series programmable logic controllers (PLCs). The vulnerability enables an unauthorized attacker to gain remote access to the controllers. It has been assigned a CVSS v.3 base score of 9.8. The severity of the vulnerability is further exacerbated by the availability of an exploit.

The vendor has released a firmware update (FW11) to close the vulnerability.

The vulnerability, which was assigned the ID CVE-2018-5459, allows a remote attacker to gain access to various functions of the plclinux_rt service without authorization by sending specially crafted TCP packets to port 2455. This enables the attacker to read, write and delete arbitrary files or manipulate the PLC application during runtime.

The problem is caused by a vulnerable version of CoDeSys Runtime (versions 2.3.х, 2.4.х), which is part of the PLC firmware, and affects 17 750-820X (PFC200 Series) controller models with firmware version 02.07.07 (10) or earlier.

Sources: ICS-CERT, SEC Consult