German industrial automation manufacturer WAGO GmbH & Co. KG has released critical security updates for its WAGO Device Manager after researchers uncovered serious vulnerabilities that could allow unauthenticated remote attackers to access sensitive system files and server resources. The flaws, whose disclosure was coordinated by CERT@VDE, are tracked as CVE-2025-25264 and CVE-2025-25265 and have been assigned CVSS scores of 8.8 and 7.5, respectively.
The WAGO Device Manager is a configuration tool embedded in the firmware of WAGO’s industrial control systems (ICS). It enables technicians to configure, monitor, and manage programmable logic controllers (PLCs) and other WAGO components used in automation environments across manufacturing, energy, and transportation sectors.
The most severe of the two, CVE-2025-25264, stems from an overly permissive Cross-Origin Resource Sharing (CORS) policy. This allows any origin to send requests and read responses from the WAGO Device Manager, exposing sensitive configuration details to malicious web applications.
“An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks,” the advisory explains.
By crafting malicious scripts hosted on attacker-controlled domains, threat actors could silently exfiltrate system data without triggering standard authentication safeguards.
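A check for the CORS behaviour described above, as an added example that is not from WAGO, CERT@VDE or the original article: it classifies the `Access-Control-*` headers a web interface returns to a request carrying a foreign `Origin`. The page does not give the exact headers the Device Manager sent, so the probe origin, sample responses and function names are constructed assumptions.

```python
import urllib.request

PROBE_ORIGIN = "https://cors-probe.example"  # constructed foreign origin (assumption)
RISKY = {"open-any-origin", "open-null-origin", "reflected", "reflected-with-credentials"}

def header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return None

def classify_cors(headers, probe_origin=PROBE_ORIGIN, trusted=()):
    """Classify the CORS headers of a response to a request sent with Origin: probe_origin."""
    acao = header(headers, "Access-Control-Allow-Origin")
    creds = (header(headers, "Access-Control-Allow-Credentials") or "").lower() == "true"
    if acao is None:
        return "restricted"            # browser refuses cross-origin reads
    if acao == "*":
        return "open-any-origin"       # enough to read an unauthenticated endpoint
    if acao == "null":
        return "open-null-origin"      # sandboxed frames send Origin: null
    if acao == probe_origin and probe_origin not in trusted:
        return "reflected-with-credentials" if creds else "reflected"
    return "allowlisted"               # fixed origin that is not the probe

def fetch_headers(url, origin=PROBE_ORIGIN, timeout=5):
    """Request a page on a device you administer, presenting the foreign Origin."""
    req = urllib.request.Request(url, headers={"Origin": origin})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return dict(resp.headers.items())

def audit(samples):
    """Return {name: verdict} for every response a foreign origin would be allowed to read."""
    verdicts = {name: classify_cors(h) for name, h in samples.items()}
    return {name: v for name, v in verdicts.items() if v in RISKY}

# Constructed sample responses, not captured from a WAGO device.
SAMPLES = {
    "wildcard": {"Access-Control-Allow-Origin": "*"},
    "reflected": {"access-control-allow-origin": PROBE_ORIGIN,
                  "Access-Control-Allow-Credentials": "true"},
    "pinned": {"Access-Control-Allow-Origin": "https://hmi.plant.example", "Vary": "Origin"},
    "no-cors": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name}: {verdict}")
```

Pass the result of `fetch_headers()` for a device's web interface to `classify_cors()` before and after the firmware upgrade; any verdict in `RISKY` means a page on another origin can still read the response.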
The second vulnerability, CVE-2025-25265, relates to an exposed web endpoint that allows remote attackers to access the file system of the device—again, without any authentication.
“It contains an endpoint that allows an unauthenticated remote attacker to read files from the system’s file structure,” the advisory warns.
Such arbitrary file access could lead to the discovery of hardcoded credentials, configuration secrets, and other operational details that may enable deeper system compromise or lateral movement.
To address the vulnerabilities, WAGO recommends the following firmware upgrades:
- Firmware version 04.07.01 (FW29) or later
- Firmware version 03.10.11 (FW22 Patch 2) for older devices