Critical Security Flaw Detected in WAGO Industrial Managed Switch

November 21, 2023

A critical security flaw, designated CVE-2023-4149, has been identified in the WAGO Industrial Managed Switch. It poses a serious risk to industrial control systems (ICS) and critical infrastructure environments. The vulnerability carries a CVSS score of 9.8. Unauthenticated remote attackers can exploit it to inject arbitrary system commands and gain full control over the compromised device, executing commands with root privileges.

This vulnerability allows an attacker to remotely compromise the switch, potentially leading to operational disruptions, theft of sensitive data, or even physical damage to connected equipment. It is located in the web-based management interface of the WAGO Industrial Managed Switch: by altering user requests, an attacker can execute arbitrary commands on the device and gain full control over its operations. The implications are particularly alarming because of the device's role in industrial control systems, where unauthorized access can lead to catastrophic outcomes.

If CVE-2023-4149 is exploited, an attacker could gain full control over the system, execute commands with root privileges, disrupt critical industrial processes by altering device configurations or manipulating data flows, access sensitive industrial or process control data for malicious use, and in extreme scenarios, manipulate the device to cause physical damage to connected equipment.

To reduce the risk associated with CVE-2023-4149, organizations are strongly recommended to take the following steps: limit network access to the WAGO Industrial Managed Switch, permitting only authorized personnel to connect to the device; avoid connecting the device directly to the public internet, to further minimize the attack surface and potential exposure; and promptly apply the latest firmware updates provided by WAGO, specifically firmware version 1.0.6.S0 for products 0852-0602 and 0852-0603, and firmware version 1.2.5.S0 for product 852-1605.
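
One way to check an asset inventory against these recommendations, as an added example that is not from WAGO or the original article. The inventory fields, host names, addresses and the management network 10.20.0.0/24 are hypothetical; treating leading zeros in article numbers as insignificant and ordering versions by their numeric fields only are assumptions.

```python
import ipaddress

def norm_article(s):
    # Assumption: "0852-0602" and "852-602" name the same product.
    return "-".join(p.lstrip("0") for p in s.strip().split("-"))

# Fixed firmware per product, as listed in the article.
FIXED = {norm_article(k): v for k, v in {
    "0852-0602": "1.0.6.S0", "0852-0603": "1.0.6.S0", "852-1605": "1.2.5.S0",
}.items()}

def version_key(v):
    # Assumption: order by the numeric dotted fields; the ".S0" suffix is ignored.
    return tuple(int(p) for p in v.split(".") if p.isdigit())

def audit(inventory, mgmt_net):
    """Return {host: [findings]} for affected switches that need action."""
    net = ipaddress.ip_network(mgmt_net)
    report = {}
    for dev in inventory:
        fixed = FIXED.get(norm_article(dev["article"]))
        if fixed is None:
            continue  # not a product named in the article
        findings = []
        if version_key(dev["firmware"]) < version_key(fixed):
            findings.append(f"firmware {dev['firmware']} is older than {fixed}")
        if ipaddress.ip_address(dev["mgmt_ip"]) not in net:
            findings.append(f"management IP {dev['mgmt_ip']} is outside {mgmt_net}")
        if findings:
            report[dev["host"]] = findings
    return report

# Constructed sample inventory (hypothetical hosts, addresses and versions).
INVENTORY = [
    {"host": "sw-line1", "article": "0852-0602", "firmware": "1.0.5.S0", "mgmt_ip": "10.20.0.11"},
    {"host": "sw-line2", "article": "852-1605", "firmware": "1.2.5.S0", "mgmt_ip": "10.20.0.12"},
    {"host": "sw-yard", "article": "0852-0603", "firmware": "1.0.6.S0", "mgmt_ip": "203.0.113.10"},
    {"host": "sw-office", "article": "other-model", "firmware": "0.9.0", "mgmt_ip": "10.20.0.13"},
]

if __name__ == "__main__":
    for host, findings in audit(INVENTORY, "10.20.0.0/24").items():
        print(host, "->", "; ".join(findings))
```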

