CP
cyberpings
VulnerabilitiesCRITICAL

WAGO Industrial Managed Switches - Critical Vulnerability Alert

CICISA Advisories·Reporting by CISA
Summary by CyberPings Editorial·AI-assisted·Reviewed by Rohit Rana
Ingested:
🎯

Basically, a hidden flaw lets hackers take control of certain WAGO devices remotely.

Quick Summary

A critical vulnerability has been discovered in WAGO Industrial Managed Switches, allowing remote attackers to compromise devices. This affects various sectors worldwide. Immediate firmware updates are essential to mitigate risks.

The Flaw

WAGO GmbH & Co. KG has identified a critical vulnerability in its Industrial Managed Switches. This flaw allows an unauthenticated remote attacker to exploit a hidden function within the Command Line Interface (CLI) prompt. By escaping the restricted interface, attackers can gain full control over the affected devices. This vulnerability is tracked as CVE-2026-3587 and has a CVSS score of 10, indicating its severity.

The affected firmware versions include several models of WAGO hardware, specifically those prior to version V1.2.1.S0 for models 852-1812 and 852-1813, among others. The widespread nature of this vulnerability makes it a significant concern for users globally.

What's at Risk

The vulnerability impacts various sectors, including commercial facilities, critical manufacturing, energy, and transportation systems. Given that these devices are integral to operational technology environments, a successful exploit could lead to severe disruptions. Attackers could manipulate operations, steal sensitive data, or even cause physical damage to infrastructure.

The devices affected include multiple versions of WAGO hardware, such as 852-1812, 852-1813, and 852-303. With many installations worldwide, the potential for widespread impact is alarming.

Patch Status

WAGO has released firmware updates to address this vulnerability. Users are urged to upgrade to the fixed firmware versions, including V1.2.1.S1 for the Lean Managed Switch models and V1.2.3.S1 for specific Industrial Managed Switches. These updates are crucial for mitigating the risk of exploitation.

Additionally, WAGO recommends deactivating SSH and Telnet on affected devices to limit access to the CLI, thereby reducing the attack surface. Ensuring that devices are not exposed to the internet is also critical for maintaining security.

Immediate Actions

Organizations using WAGO Industrial Managed Switches should take immediate action to protect their systems. Here are the recommended steps:

  • Update firmware to the latest versions as specified by WAGO.
  • Deactivate SSH and Telnet on affected devices to prevent unauthorized access.
  • Limit network exposure for all control system devices, ensuring they are not accessible from the internet.

By following these recommendations, organizations can significantly reduce the risk associated with this critical vulnerability and safeguard their operational technology environments.

🔒 Pro insight: The critical nature of CVE-2026-3587 necessitates immediate patching to prevent potential exploitation in industrial environments.

Original article from

CICISA Advisories· CISA
Read Full Article

Share

Related Pings

CRITICALVulnerabilities

Fortinet FortiClient EMS - Critical 0-Day Vulnerability Exploited

A critical zero-day vulnerability in FortiClient EMS is actively exploited. Fortinet has released emergency patches and urges immediate action from users.

Cyber Security News·
HIGHVulnerabilities

Video Conferencing Bug - CISA Orders Agencies to Patch

A serious vulnerability in TrueConf video conferencing software is being exploited by Chinese hackers. CISA has mandated a two-week patch deadline for federal agencies. Immediate action is essential to safeguard sensitive data and communications.

The Record·
HIGHVulnerabilities

Post-Deployment Vulnerability Detection - Rethinking Strategies

A new approach to vulnerability detection is needed post-deployment. Many organizations overlook risks from newly disclosed CVEs, leaving systems exposed. Rethinking strategies can enhance security.

OpenSSF Blog·
HIGHVulnerabilities

Mobile Vulnerabilities - Enterprises Struggle with Control

Mobile devices are increasingly vulnerable due to outdated software and hidden threats like Shadow AI. This puts sensitive enterprise data at risk. Organizations must act to secure their mobile environments.

SecurityWeek·
HIGHVulnerabilities

CVE-2026-33691 - OWASP CRS Whitespace Padding Bypass Alert

A new vulnerability in OWASP CRS allows attackers to upload dangerous files by exploiting whitespace in filenames. This affects many web applications, risking severe security breaches. Immediate updates are necessary to protect your systems.

Full Disclosure·
HIGHVulnerabilities

MetInfo CMS Vulnerability - PHP Code Injection Risk

A critical vulnerability in MetInfo CMS could let attackers execute arbitrary PHP code. Versions 7.9, 8.0, and 8.1 are at risk. Stay alert for updates and potential fixes.

Full Disclosure·