Hackers exploit critical WAGO vulnerabilities for microcontroller takeover

The German supplier for industrial automation, WAGO, has released a statement acknowledging several vulnerabilities in its programmable logic controllers (PLCs). Ryan Picrena, an employee at the cyberphysical security laboratory of the Georgia Technological Institute, discovered the vulnerabilities. These vulnerabilities included critical weaknesses that hackers could use to gain complete control of WAGO devices.

Previously, Picrena received a significant reward from Apple for discovering vulnerabilities capable of hacking cameras and user accounts. Whist analyzing WAGO programmable controllers, Picrena discovered several vulnerabilities within the management web interface used to administer, commission and update devices.

The German company Cert published a small report that described all vulnerabilities and provided information about affected products and versions. According to their assessment of the CVSS, two vulnerabilities received a critical rating. The first, monitored as cve-2022-45138, allowed an unauthorized attacker to read and install some parameters within the device. The second, monitored as cve-2022-45140, allowed attackers to record arbitrary data with Root rights, potentially resulting in the execution of arbitrary code and complete compromise of the system.

Picrena discovered two vulnerabilities of moderate severity: one that could be used for intersyight script (XSS) attacks, and one applicable for disclosing information with limited effects. Picren explained, “These errors can be combined into a chain and used in two different ways. The first is direct access to the network, where the attacker is already inside the industrial control system and attacks a device connected to the Internet. The second, through web checks from the outside, involves the attacker luring someone from the industrial control system to a malicious website to gain access.”

Hackers could use these vulnerabilities for malicious management of performing mechanisms, falsification of sensors, and disconnecting all safety controls. WAGO recommends all users of affected products to update their firmware at the earliest opportunity to avoid any security breaches.