CP
cyberpings
VulnerabilitiesCRITICAL

WAGO Industrial Managed Switches - Critical Vulnerability Alert

CICISA Advisories
CVE-2026-3587WAGOIndustrial Control Systems
🎯

Basically, a hidden flaw lets hackers take control of certain WAGO devices remotely.

Quick Summary

A critical vulnerability has been discovered in WAGO Industrial Managed Switches, allowing remote attackers to compromise devices. This affects various sectors worldwide. Immediate firmware updates are essential to mitigate risks.

The Flaw

WAGO GmbH & Co. KG has identified a critical vulnerability in its Industrial Managed Switches. This flaw allows an unauthenticated remote attacker to exploit a hidden function within the Command Line Interface (CLI) prompt. By escaping the restricted interface, attackers can gain full control over the affected devices. This vulnerability is tracked as CVE-2026-3587 and has a CVSS score of 10, indicating its severity.

The affected firmware versions include several models of WAGO hardware, specifically those prior to version V1.2.1.S0 for models 852-1812 and 852-1813, among others. The widespread nature of this vulnerability makes it a significant concern for users globally.

What's at Risk

The vulnerability impacts various sectors, including commercial facilities, critical manufacturing, energy, and transportation systems. Given that these devices are integral to operational technology environments, a successful exploit could lead to severe disruptions. Attackers could manipulate operations, steal sensitive data, or even cause physical damage to infrastructure.

The devices affected include multiple versions of WAGO hardware, such as 852-1812, 852-1813, and 852-303. With many installations worldwide, the potential for widespread impact is alarming.

Patch Status

WAGO has released firmware updates to address this vulnerability. Users are urged to upgrade to the fixed firmware versions, including V1.2.1.S1 for the Lean Managed Switch models and V1.2.3.S1 for specific Industrial Managed Switches. These updates are crucial for mitigating the risk of exploitation.

Additionally, WAGO recommends deactivating SSH and Telnet on affected devices to limit access to the CLI, thereby reducing the attack surface. Ensuring that devices are not exposed to the internet is also critical for maintaining security.

Immediate Actions

Organizations using WAGO Industrial Managed Switches should take immediate action to protect their systems. Here are the recommended steps:

  • Update firmware to the latest versions as specified by WAGO.
  • Deactivate SSH and Telnet on affected devices to prevent unauthorized access.
  • Limit network exposure for all control system devices, ensuring they are not accessible from the internet.

By following these recommendations, organizations can significantly reduce the risk associated with this critical vulnerability and safeguard their operational technology environments.

🔒 Pro insight: The critical nature of CVE-2026-3587 necessitates immediate patching to prevent potential exploitation in industrial environments.

Original article from

CISA Advisories · CISA

Read Full Article

Share

Related Pings

CRITICALVulnerabilities

CVE-2026-33634 - Critical Vulnerability Added to CISA Catalog

CISA has added a new critical vulnerability to its KEV Catalog. CVE-2026-33634 affects Aqua Security's Trivy, posing risks to federal networks. Organizations must act quickly to mitigate potential threats.

CISA Advisories·
HIGHVulnerabilities

iOS 26 Security - Leaked Tools Expose Millions to Spyware

Leaked hacking tools put millions of older iPhones at risk. Cybersecurity experts warn that outdated devices are vulnerable to spyware attacks. Users must update their software to stay safe.

TechCrunch Security·
HIGHVulnerabilities

Vulnerabilities in AI-Generated Code - Researchers Warn

Researchers at Georgia Tech have found a sharp rise in vulnerabilities linked to AI-generated code. This surge in CVEs raises serious concerns for software security. Developers must be vigilant as AI tools become more prevalent in coding practices.

Infosecurity Magazine·
CRITICALVulnerabilities

Langflow Vulnerability - CISA Warns of Critical Code Injection

CISA has flagged a critical code injection vulnerability in Langflow, tracked as CVE-2026-33017. This flaw allows attackers to exploit the platform without authentication. Organizations must act quickly to apply patches or discontinue use to avoid serious risks.

Cyber Security News·
HIGHVulnerabilities

Vulnerability in OpenCode Systems - Access SMS Messages

A vulnerability in OpenCode Systems' messaging products allows unauthorized access to SMS messages. This affects users of version 6.32.2, posing serious privacy risks. Immediate updates are recommended to mitigate the threat.

CISA Advisories·
CRITICALVulnerabilities

PTC Windchill - Critical Remote Code Execution Vulnerability

A critical vulnerability in PTC Windchill could allow attackers to execute code remotely. Affected versions include several Windchill and FlexPLM releases. Immediate action is essential to protect systems from exploitation.

CISA Advisories·