You are here

WAGO I/O-CHECK (ICSA-20-065-01) – Product Used in the Energy Sector

WAGO I/O-CHECK (ICSA-20-065-01) – Product Used in the Energy Sector

Created: Tuesday, March 10, 2020 - 09:44
Categories:
Cybersecurity

CISA has published an advisory on information exposure through sent data, buffer access with incorrect length value, missing authentication for critical function, and classic buffer overflow vulnerabilities in WAGO I/O-CHECK Series PFC100 and Series PFC200. Multiple versions of this software are affected. Successful exploitation of these vulnerabilities could allow an attacker to change settings, delete the application, run remote code, cause a system crash, cause a denial-of-service condition, revert to factory settings, and overwrite MAC addresses. WAGO recommends updating to the latest firmware, FW 15 or above. It has also identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.