{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-1490", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2024-02-14T15:20:27.403Z", "datePublished": "2026-04-09T10:52:41.174Z", "dateUpdated": "2026-04-09T16:15:38.524Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CC100 (0751-9x01)", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC100 G1 (0750-810-xxxx-xxxx)", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "3.10.10", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC100 G2 (0750-811x-xxxx-xxxx)", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC200 G1 (750-820x-xxxx-xxxx)", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "3.10.10", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC200 G2 (750-821x-xxxx-xxxx)", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 (0762-420x-8000-000x)", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW 26", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 (0762-430x-8000-000x)", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 (0762-520x-8000-000x)", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 (0762-530x-8000-000x)", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 (0762-620x-8000-000x)", "vendor": "WAGO", "versions": [{"status": "affected", "version": "0.0.0"}]}, {"defaultStatus": "unaffected", "product": "TP600 (0762-630x-8000-000x)", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Edge Controller (0752-8303-8000-0002)", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "WP400 (0762-340x)", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Jeroen Wijenbergh, Floris Hendriks from Radboud University"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.<br>"}], "value": "An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-04-09T10:52:41.174Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2024-008"}, {"tags": ["vendor-advisory"], "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json"}], "source": {"advisory": "VDE-2024-008", "defect": ["CERT@VDE#64648"], "discovery": "EXTERNAL"}, "title": "Wago: Vulnerability in WBM through Open VPN", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T14:27:36.814209Z", "id": "CVE-2024-1490", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T16:15:38.524Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1490", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-09T14:27:36.814209Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:27:42.643Z"}}], "cna": {"title": "Wago: Vulnerability in WBM through Open VPN", "source": {"defect": ["CERT@VDE#64648"], "advisory": "VDE-2024-008", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Jeroen Wijenbergh, Floris Hendriks from Radboud University"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WAGO", "product": "CC100 (0751-9x01)", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC100 G1 (0750-810-xxxx-xxxx)", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "3.10.10"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC100 G2 (0750-811x-xxxx-xxxx)", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC200 G1 (750-820x-xxxx-xxxx)", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "3.10.10"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC200 G2 (750-821x-xxxx-xxxx)", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 (0762-420x-8000-000x)", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "FW 26"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 (0762-430x-8000-000x)", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 (0762-520x-8000-000x)", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 (0762-530x-8000-000x)", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 (0762-620x-8000-000x)", "versions": [{"status": "affected", "version": "0.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 (0762-630x-8000-000x)", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Edge Controller (0752-8303-8000-0002)", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "WP400 (0762-340x)", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2024-008"}, {"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.", "supportingMedia": [{"type": "text/html", "value": "An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-04-09T10:52:41.174Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1490", "state": "PUBLISHED", "dateUpdated": "2026-04-09T16:15:38.524Z", "dateReserved": "2024-02-14T15:20:27.403Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2026-04-09T10:52:41.174Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device."}], "id": "CVE-2024-1490", "lastModified": "2026-04-13T15:02:47.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2026-04-09T11:16:19.657", "references": [{"source": "info@cert.vde.com", "url": "https://certvde.com/de/advisories/VDE-2024-008"}, {"source": "info@cert.vde.com", "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,4.5.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "CC100 (0751-9x01)", "source": "cna", "vendor": "WAGO"}, "product": "cc100_(0751-9x01)", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,4.5.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Edge Controller (0752-8303-8000-0002)", "source": "cna", "vendor": "WAGO"}, "product": "edge_controller_(0752-8303-8000-0002)", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,3.10.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PFC100 G1 (0750-810-xxxx-xxxx)", "source": "cna", "vendor": "WAGO"}, "product": "pfc100_g1_(0750-810-xxxx-xxxx)", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,4.5.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PFC100 G2 (0750-811x-xxxx-xxxx)", "source": "cna", "vendor": "WAGO"}, "product": "pfc100_g2_(0750-811x-xxxx-xxxx)", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,3.10.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PFC200 G1 (750-820x-xxxx-xxxx)", "source": "cna", "vendor": "WAGO"}, "product": "pfc200_g1_(750-820x-xxxx-xxxx)", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,4.5.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PFC200 G2 (750-821x-xxxx-xxxx)", "source": "cna", "vendor": "WAGO"}, "product": "pfc200_g2_(750-821x-xxxx-xxxx)", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,FW 26]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "TP600 (0762-420x-8000-000x)", "source": "cna", "vendor": "WAGO"}, "product": "tp600_(0762-420x-8000-000x)", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,4.5.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "TP600 (0762-430x-8000-000x)", "source": "cna", "vendor": "WAGO"}, "product": "tp600_(0762-430x-8000-000x)", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,4.5.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "TP600 (0762-520x-8000-000x)", "source": "cna", "vendor": "WAGO"}, "product": "tp600_(0762-520x-8000-000x)", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,4.5.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "TP600 (0762-530x-8000-000x)", "source": "cna", "vendor": "WAGO"}, "product": "tp600_(0762-530x-8000-000x)", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "TP600 (0762-620x-8000-000x)", "source": "cna", "vendor": "WAGO"}, "product": "tp600_(0762-620x-8000-000x)", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,4.5.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "TP600 (0762-630x-8000-000x)", "source": "cna", "vendor": "WAGO"}, "product": "tp600_(0762-630x-8000-000x)", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,4.5.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "WP400 (0762-340x)", "source": "cna", "vendor": "WAGO"}, "product": "wp400_(0762-340x)", "vendor": "wago"}], "analysis": {"en": {"generated_at": "2026-04-09T12:21:40.406595+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware or security update from WAGO that addresses the OpenVPN configuration validation issue.", "Limit web\u2011based management access to trusted internal networks and enforce strong authentication.", "Disable or remove the ability to add user\u2011defined scripts in the OpenVPN configuration if not required.", "Monitor the device for unauthorized configuration changes and command execution logs.", "If no patch is available, consider disabling the OpenVPN feature entirely or isolating the PLC from the exposed network."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution via OpenVPN configuration"}, "threat_synthesis": {"affected_systems": "Vulnerable models include WAGO CC100 (0751\u20119x01), Edge Controller (0752\u20118303\u20118000\u20110002), PFC100 G1 (0750\u2011810\u2011xxxx\u2011xxxx), PFC100 G2 (0750\u2011811x\u2011xxxx\u2011xxxx), PFC200 G1 (750\u2011820x\u2011xxxx\u2011xxxx), PFC200 G2 (750\u2011821x\u2011xxxx\u2011xxxx), TP600 series (0762\u2011420x, 430x, 520x, 530x, 620x, 630x with 8000\u2011000x), and WP400 (0762\u2011340x).", "description_and_impact": "An authenticated remote attacker with high privileges can modify the OpenVPN configuration through the web\u2011based management interface on certain WAGO PLCs. When the system allows user\u2011defined scripts, OpenVPN can be abused to inject and execute arbitrary shell commands, providing the attacker full remote code execution on the device. The weakness originates from improper validation of configuration input (CWE\u201194).", "risk_and_exploitability": "CVSS score 7.2 denotes a high severity vulnerability; exploitation requires authentication and high\u2011privilege access but leverages the public web interface, making it network\u2011exposed. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. If configuration changes are made to permit user\u2011defined scripts, the attacker can run arbitrary shell commands, compromising confidentiality, integrity, and availability of the device. Mitigation includes applying vendor patches, restricting management interface access, and disabling script execution."}}}}, "created": "2026-04-10T08:53:44.051716+00:00", "updated": "2026-04-10T09:32:54.725328+00:00", "vendors": ["wago", "wago$PRODUCT$cc100_(0751-9x01)", "wago$PRODUCT$edge_controller_(0752-8303-8000-0002)", "wago$PRODUCT$pfc100_g1_(0750-810-xxxx-xxxx)", "wago$PRODUCT$pfc100_g2_(0750-811x-xxxx-xxxx)", "wago$PRODUCT$pfc200_g1_(750-820x-xxxx-xxxx)", "wago$PRODUCT$pfc200_g2_(750-821x-xxxx-xxxx)", "wago$PRODUCT$tp600_(0762-420x-8000-000x)", "wago$PRODUCT$tp600_(0762-430x-8000-000x)", "wago$PRODUCT$tp600_(0762-520x-8000-000x)", "wago$PRODUCT$tp600_(0762-530x-8000-000x)", "wago$PRODUCT$tp600_(0762-620x-8000-000x)", "wago$PRODUCT$tp600_(0762-630x-8000-000x)", "wago$PRODUCT$wp400_(0762-340x)"]}