U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Talos found tens of dangerous flaws in WAGO Controllers

Cisco Talos experts discovered tens of flaws in WAGO products that expose controllers and human-machine interface (HMI) panels to remote attacks. Talos and Germany’s VDE CERT this week published advisories describing roughly 30 vulnerabilities identified in devices made by WAGO, a German company specializing in electrical connection and automation solutions. The vulnerabilities affect PFC100 and PFC200 programmable […]

WAGO

Cisco Talos experts discovered tens of flaws in WAGO products that expose controllers and human-machine interface (HMI) panels to remote attacks.

Talos and Germany’s VDE CERT this week published advisories describing roughly 30 vulnerabilities identified in devices made by WAGO, a German company specializing in electrical connection and automation solutions.

The vulnerabilities affect PFC100 and PFC200 programmable logic controllers (PLCs) and Touch Panel 600 HMI panels, they can lead to arbitrary code execution, command injection, information disclosure, and could allow DoS attacks. Experts reported that some of the flaws could be only exploited by authenticated attackers.

Talos researchers reported that some vulnerabilities impact the e!COCKPIT engineering software, the Web-Based Management (WBM) application, the cloud connectivity of the controllers, and the I/O Check functionality.

Experts pointed out that attackers can chain some of the vulnerabilities to take complete control of the targeted devices.

WAGO addressed only a few issues with the release of security patches, other flaws are expected to be fixed in the second quarter of 2020. The good news is that the company has provided mitigations for all the vulnerabilities.

In June 2019, a security researcher at consulting company SEC Consult discovered several vulnerabilities in some models of WAGO industrial switches. The vulnerabilities was affecting WAGO industrial switches 852-303, 852-1305 and 852-1505 models. 

In December 2017, researchers at SEC Consult experts discovered that 17 models of WAGO PFC200 PLC were vulnerable to an unauthenticated remote access exploit.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, WAGO)

[adrotate banner=”5″]

[adrotate banner=”13″]