CVE-2024-1490

Vulnerability

Description

The vulnerability resides in the Web-Based Management (WBM) function of WAGO PLCs when OpenVPN is enabled [1]. An authenticated attacker with high privileges can exploit the OpenVPN configuration to execute arbitrary shell commands [1]. The root cause involves user-defined scripts being permitted within the OpenVPN configuration, allowing command injection that bypasses intended restrictions.

Attack

Vector

Exploitation requires an attacker to be authenticated to the web-based management interface with high privileges, such as administrative access [1]. The attack is performed remotely over the network, targeting the WBM function while OpenVPN is active. No additional user interaction is needed beyond the initial authentication and configuration manipulation.

Impact

Successful exploitation allows the attacker to run arbitrary shell commands on the affected device [1]. This can lead to full system compromise, including data exfiltration, installation of persistent malware, or disruption of the PLC's control functions. The severity is rated High with a CVSS v3 score of 7.2.

Mitigation

The vendor, WAGO GmbH & Co. KG, has released an advisory (VDE-2024-008) detailing the vulnerability [1]. Users should apply the recommended firmware updates or configuration changes to disable user-defined OpenVPN scripts if not required. At the time of publication, no public exploit code has been reported.