Vulnerabilities in WAGO Devices Expose Industrial Firms to Remote Attacks
Several critical and high-severity vulnerabilities have been identified in programmable logic controller and human-machine interface products made by WAGO, a German company specializing in electrical connection and automation solutions.
"By chaining the shared memory overflow vulnerability and the out-of-bound read vulnerability, we were able to create a full-blown pre-auth remote code execution to take over any WAGO PFC100/200 device remotely," Katz told SecurityWeek.
WAGO released patches for these vulnerabilities in June, and also shared some mitigation advice.
The vendor noted that the impacted I/O-Check service is only needed during the installation and commissioning of devices - it's not needed during normal operations - and customers have been advised to disable the service after commissioning.
"This is the easiest and securest way to protect your device from the listed vulnerabilities and possible upcoming zero-day exploits," users have been told.