German industrial automation solutions provider Wago has released patches for four vulnerabilities found in its programmable logic controllers (PLCs).
Ryan Pickren, a researcher at the Georgia Institute of Technology’s Cyber-Physical Security Lab, discovered the vulnerabilities while working on a PhD project focused on industrial control system (ICS) security.
Two of the flaws were classified as critical vulnerabilities based on their CVSS score, and the other two were medium-severity vulnerabilities. One critical vulnerability allowed an unauthenticated attacker to write arbitrary data with root privileges, leading to arbitrary code execution and a complete system compromise.
The second critical vulnerability permitted an unauthenticated attacker to read and set device parameters, potentially resulting in a full compromise of the controller.
Pickren said that these bugs can be chained together to weaponize attacks in two ways: through direct network access or through cross-origin web requests. In both scenarios, no user interaction is required, and the chain is entirely unauthenticated.
A real-world attack could lead to threat actors maliciously controlling actuators, falsifying sensor measurements, and disabling all safety controls, Pickren explained.
Germany’s CERT@VDE issued an advisory describing the vulnerabilities and sharing information on impacted products and versions. According to Pickren, these vulnerabilities are part of a broader trend in ICS security that will be detailed in an upcoming academic paper.
Pickren had previously received significant rewards from Apple for discovering camera hacking vulnerabilities and an exploit that could have been used to hack a user’s online accounts and webcam.