CVE-2024-1490 - Vulnerability Details

- Wago: Vulnerability in WBM through Open VPN

Description

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.

Published: 2026-04-09

Score: 7.2 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An authenticated remote attacker with high privileges can modify the OpenVPN configuration through the web‑based management interface on certain WAGO PLCs. When the system allows user‑defined scripts, OpenVPN can be abused to inject and execute arbitrary shell commands, providing the attacker full remote code execution on the device. The weakness originates from improper validation of configuration input (CWE‑94).

Affected Systems

Vulnerable models include WAGO CC100 (0751‑9x01), Edge Controller (0752‑8303‑8000‑0002), PFC100 G1 (0750‑810‑xxxx‑xxxx), PFC100 G2 (0750‑811x‑xxxx‑xxxx), PFC200 G1 (750‑820x‑xxxx‑xxxx), PFC200 G2 (750‑821x‑xxxx‑xxxx), TP600 series (0762‑420x, 430x, 520x, 530x, 620x, 630x with 8000‑000x), and WP400 (0762‑340x).

Risk and Exploitability

CVSS score 7.2 denotes a high severity vulnerability; exploitation requires authentication and high‑privilege access but leverages the public web interface, making it network‑exposed. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. If configuration changes are made to permit user‑defined scripts, the attacker can run arbitrary shell commands, compromising confidentiality, integrity, and availability of the device. Mitigation includes applying vendor patches, restricting management interface access, and disabling script execution.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

WAGO

CC100 (0751-9x01)

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 4.5.10

WAGO

PFC100 G1 (0750-810-xxxx-xxxx)

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 3.10.10

WAGO

PFC100 G2 (0750-811x-xxxx-xxxx)

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 4.5.10

WAGO

PFC200 G1 (750-820x-xxxx-xxxx)

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 3.10.10

WAGO

PFC200 G2 (750-821x-xxxx-xxxx)

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 4.5.10

WAGO

TP600 (0762-420x-8000-000x)

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ FW 26

WAGO

TP600 (0762-430x-8000-000x)

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 4.5.10

WAGO

TP600 (0762-520x-8000-000x)

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 4.5.10

WAGO

TP600 (0762-530x-8000-000x)

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 4.5.10

WAGO

TP600 (0762-620x-8000-000x)

unaffected

Version	Status	Constraints
`0.0.0`	affected	—

WAGO

TP600 (0762-630x-8000-000x)

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 4.5.10

WAGO

Edge Controller (0752-8303-8000-0002)

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 4.5.10

WAGO

WP400 (0762-340x)

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 4.5.10

No data.

Vendor Product Confidence Versions

Wago

Cc100 (0751-9x01)

100%

Version	Status	Scheme	Platform
`[0.0.0,4.5.10]`	affected	semver	—

Wago

Edge Controller (0752-8303-8000-0002)

100%

Version	Status	Scheme	Platform
`[0.0.0,4.5.10]`	affected	semver	—

Wago

Pfc100 G1 (0750-810-xxxx-xxxx)

100%

Version	Status	Scheme	Platform
`[0.0.0,3.10.10]`	affected	semver	—

Wago

Pfc100 G2 (0750-811x-xxxx-xxxx)

100%

Version	Status	Scheme	Platform
`[0.0.0,4.5.10]`	affected	semver	—

Wago

Pfc200 G1 (750-820x-xxxx-xxxx)

100%

Version	Status	Scheme	Platform
`[0.0.0,3.10.10]`	affected	semver	—

Wago

Pfc200 G2 (750-821x-xxxx-xxxx)

100%

Version	Status	Scheme	Platform
`[0.0.0,4.5.10]`	affected	semver	—

Wago

Tp600 (0762-420x-8000-000x)

100%

Version	Status	Scheme	Platform
`[0,FW 26]`	affected	generic	—

Wago

Tp600 (0762-430x-8000-000x)

100%

Version	Status	Scheme	Platform
`[0.0.0,4.5.10]`	affected	semver	—

Wago

Tp600 (0762-520x-8000-000x)

100%

Version	Status	Scheme	Platform
`[0.0.0,4.5.10]`	affected	semver	—

Wago

Tp600 (0762-530x-8000-000x)

100%

Version	Status	Scheme	Platform
`[0.0.0,4.5.10]`	affected	semver	—

Wago

Tp600 (0762-620x-8000-000x)

100%

Version	Status	Scheme	Platform
`0.0.0`	affected	semver	—

Wago

Tp600 (0762-630x-8000-000x)

100%

Version	Status	Scheme	Platform
`[0.0.0,4.5.10]`	affected	semver	—

Wago

Wp400 (0762-340x)

100%

Version	Status	Scheme	Platform
`[0.0.0,4.5.10]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware or security update from WAGO that addresses the OpenVPN configuration validation issue.
Limit web‑based management access to trusted internal networks and enforce strong authentication.
Disable or remove the ability to add user‑defined scripts in the OpenVPN configuration if not required.
Monitor the device for unauthorized configuration changes and command execution logs.
If no patch is available, consider disabling the OpenVPN feature entirely or isolating the PLC from the exposed network.

Generated by OpenCVE AI on April 9, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00096.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://certvde.com/de/advisories/VDE-2024-008
https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json

History

Fri, 10 Apr 2026 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wago Wago cc100 (0751-9x01) Wago edge Controller (0752-8303-8000-0002) Wago pfc100 G1 (0750-810-xxxx-xxxx) Wago pfc100 G2 (0750-811x-xxxx-xxxx) Wago pfc200 G1 (750-820x-xxxx-xxxx) Wago pfc200 G2 (750-821x-xxxx-xxxx) Wago tp600 (0762-420x-8000-000x) Wago tp600 (0762-430x-8000-000x) Wago tp600 (0762-520x-8000-000x) Wago tp600 (0762-530x-8000-000x) Wago tp600 (0762-620x-8000-000x) Wago tp600 (0762-630x-8000-000x) Wago wp400 (0762-340x)
Vendors & Products		Wago Wago cc100 (0751-9x01) Wago edge Controller (0752-8303-8000-0002) Wago pfc100 G1 (0750-810-xxxx-xxxx) Wago pfc100 G2 (0750-811x-xxxx-xxxx) Wago pfc200 G1 (750-820x-xxxx-xxxx) Wago pfc200 G2 (750-821x-xxxx-xxxx) Wago tp600 (0762-420x-8000-000x) Wago tp600 (0762-430x-8000-000x) Wago tp600 (0762-520x-8000-000x) Wago tp600 (0762-530x-8000-000x) Wago tp600 (0762-620x-8000-000x) Wago tp600 (0762-630x-8000-000x) Wago wp400 (0762-340x)

Thu, 09 Apr 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 09 Apr 2026 11:15:00 +0000

Type	Values Removed	Values Added
Description		An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.
Title		Wago: Vulnerability in WBM through Open VPN
Weaknesses		CWE-94
References		https://certvde.com/de/advisories/VDE-2024-008 https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Wago Cc100 (0751-9x01) Edge Controller (0752-8303-8000-0002) Pfc100 G1 (0750-810-xxxx-xxxx) Pfc100 G2 (0750-811x-xxxx-xxxx) Pfc200 G1 (750-820x-xxxx-xxxx) Pfc200 G2 (750-821x-xxxx-xxxx) Tp600 (0762-420x-8000-000x) Tp600 (0762-430x-8000-000x) Tp600 (0762-520x-8000-000x) Tp600 (0762-530x-8000-000x) Tp600 (0762-620x-8000-000x) Tp600 (0762-630x-8000-000x) Wp400 (0762-340x)

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-04-09T10:52:41.174Z

Updated: 2026-04-09T16:15:38.524Z

Reserved: 2024-02-14T15:20:27.403Z

Link: CVE-2024-1490

Vulnrichment

Updated: 2026-04-09T14:27:42.643Z

NVD

Status : Awaiting Analysis

Published: 2026-04-09T11:16:19.657

Modified: 2026-04-13T15:02:47.353

Link: CVE-2024-1490

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:32:54Z

Weaknesses

CWE-94

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object