WAGO: Vulnerabilities in WAGO Industrial-Managed Switches

VDE-2025-095
Last update
19.01.2026 09:00
Published at
10.12.2025 11:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2025-095
Summary

Two remote stack buffer overflow vulnerabilities were discovered in WAGO industrial switches. These issues originate from unsafe input handling in custom HTTP request parsing functions within the lighttpd binary. The affected binary lacks modern security features such as PIE and RELRO, increasing the risk of successful exploitation.
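Whether a binary was built with PIE and RELRO, the two protections the summary names as missing, can be read directly from its ELF headers. The following is an added example, not part of the advisory or of WAGO's code: a minimal Python check in the style of checksec, where `elf_hardening` and `sample_elf32` are hypothetical names and the sample images are constructed for illustration.

```python
import struct

ET_DYN, PT_DYNAMIC, PT_GNU_RELRO = 3, 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB

def elf_hardening(data: bytes) -> dict:
    """Report PIE and RELRO status of an ELF image (ELF32/ELF64, either endianness)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64, e = data[4] == 2, "<" if data[5] == 1 else ">"
    w = "Q" if is64 else "I"  # address-sized field for this ELF class
    e_type, = struct.unpack_from(e + "H", data, 16)
    phoff, = struct.unpack_from(e + w, data, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(e + "HH", data, 54 if is64 else 42)
    relro = bind_now = False
    for i in range(phnum):
        ph = phoff + i * phentsize
        p_type, = struct.unpack_from(e + "I", data, ph)
        if p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            p_offset, = struct.unpack_from(e + w, data, ph + (8 if is64 else 4))
            p_filesz, = struct.unpack_from(e + w, data, ph + (32 if is64 else 16))
            for d in range(p_offset, p_offset + p_filesz, 16 if is64 else 8):
                tag, val = struct.unpack_from(e + w + w, data, d)
                if tag == DT_NULL:
                    break
                # Eager binding lets the loader remap the whole GOT read-only.
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & 0x8)
                        or (tag == DT_FLAGS_1 and val & 0x1)):
                    bind_now = True
    # ET_DYN also covers shared libraries; for a main executable it means PIE.
    relro_level = "full" if relro and bind_now else "partial" if relro else "none"
    return {"pie": e_type == ET_DYN, "relro": relro_level}

def sample_elf32(e_type: int, p_types: list, dyn: list = ()) -> bytes:
    """Constructed big-endian ELF32 image (headers only), for demonstration."""
    dyn_off = 52 + 32 * len(p_types)
    dyn_tab = b"".join(struct.pack(">II", t, v) for t, v in [*dyn, (DT_NULL, 0)])
    ehdr = b"\x7fELF\x01\x02\x01" + bytes(9) + struct.pack(
        ">HHIIIIIHHHHHH", e_type, 0, 1, 0, 52, 0, 0, 52, 32, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack(">8I", t, dyn_off, 0, 0, len(dyn_tab), 0, 0, 0)
                     for t in p_types)
    return ehdr + phdrs + dyn_tab
```

To audit a real image, pass the bytes of the binary extracted from the firmware to `elf_hardening`; a result of `pie: False` with `relro: "none"` corresponds to the condition described in the summary.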

Impact

The vulnerabilities are exploitable without authentication and may allow remote code execution or cause denial of service. Exploitation can disable the web interface until manual intervention, as no automatic recovery mechanisms are in place.

Affected Product(s)

Model no.   Product name                            Affected versions
0852-1322   Industrial-Managed-Switches 0852-1322   Firmware <02.64
0852-1328   Industrial-Managed-Switches 0852-1328   Firmware <02.64

Vulnerabilities

Published
19.01.2026 09:21
Weakness
Stack-based Buffer Overflow (CWE-121)
References

Published
19.01.2026 09:21
Weakness
Stack-based Buffer Overflow (CWE-121)
References

Remediation

Please update your devices to the specified fixed firmware version 02.64.

Acknowledgments

WAGO GmbH & Co. KG thanks the following parties for their efforts:

  • CERT@VDE for coordination (see https://certvde.com)
  • Daniel Hulliger from The Cyber-Defence Campus of armasuisse S+T for reporting

Revision History

Version   Date               Summary
1.0.0     10.12.2025 11:00   Initial release.
1.1.0     11.12.2025 10:00   Updated CVSS-Scores
1.2.0     19.01.2026 09:00   Updated model numbers.