WAGO PFC200 Series PLCs

SEC Consult discovered a vulnerability in 17 750-820X models of the Linux-based WAGO PFC200 series programmable logic controllers (PLCs) running firmware version 02.07.07 (10). This vulnerability exists due to the embedded version of the CODESYS Runtime Toolkit, software that is used by many vendors in hundreds of PLCs and various other industrial controllers. If exploited, this vulnerability could allow a remote attacker to gain unauthenticated access to several functions of the plclinux_rt service by sending specially-crafted packets over port 2455. This access would allow the attacker to read, write, or delete arbitrary files, rewrite the etc/shadow file, gain root privileges to the device, and create a denial-of-service condition. The NJCCIC recommends all users and administrators of the affected PLCs review the SEC Consult report and either delete the plclinux_rt service or close port 2455 until a patch is released.