WAGO OpenVPN Web Management Interface Arbitrary Command Execution Vulnerability

Vulnerability

A vulnerability exists in the web-based management interface of WAGO PLCs with OpenVPN enabled. An authenticated remote attacker with high privileges can exploit this vulnerability to execute arbitrary shell commands on the device. This could lead to a full system compromise, especially if user-defined scripts are allowed.

Impact

Exploitation allows authenticated attackers with high privileges to execute arbitrary shell commands on the affected device, potentially leading to a full system compromise.

Remediation

Users can drop OpenVPN privileges. Instructions for this mitigation are available in the WAGO manual "Cyber Security for Controller PFC100 / PFC200" in section 7.1.4.

Added: Apr 9, 2026, 11:43 AM
Updated: Apr 9, 2026, 11:43 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.8
remediation: 0.0
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.