CVE-2024-1490: WAGO: Vulnerability in WBM through OpenVPN
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands, enabling the attacker to run arbitrary commands on the device.
Frequently Asked Questions
What is the severity of CVE-2024-1490?
CVE-2024-1490 is considered a high-severity vulnerability due to the potential for remote code execution through the web-based management interface.
How do I fix CVE-2024-1490?
To mitigate CVE-2024-1490, ensure that user-defined scripts are disabled in the OpenVPN configuration on WAGO PLCs.
Who is affected by CVE-2024-1490?
CVE-2024-1490 affects users of the WAGO WBM (Web-Based Management) system who use OpenVPN.
What can an attacker do with CVE-2024-1490?
An authenticated remote attacker could execute arbitrary shell commands if user-defined scripts are permitted within the OpenVPN configuration.
How can I determine if my system is vulnerable to CVE-2024-1490?
To assess vulnerability to CVE-2024-1490, check if your WAGO PLC allows user-defined scripts in the OpenVPN configuration.
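One way to run this check offline against an exported OpenVPN configuration file, as an added example that is not WAGO's or the advisory's own code. It assumes that "user-defined scripts are permitted" corresponds to OpenVPN's `script-security` level 2 or higher; the sample configurations and script paths are constructed.

```python
import re

# OpenVPN directives that invoke an external script or command.
HOOKS = {"up", "down", "ipchange", "route-up", "route-pre-down",
         "client-connect", "client-disconnect", "learn-address",
         "auth-user-pass-verify", "tls-verify"}

def audit_openvpn_config(text):
    """Return (script_security_level, [(line_no, directive, argument), ...])."""
    level = 1  # OpenVPN default when script-security is absent
    hooks = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        parts = line.split(None, 1)
        name = parts[0].lstrip("-")          # a leading "--" is optional in config files
        arg = parts[1] if len(parts) > 1 else ""
        if name == "script-security":
            m = re.match(r"\d+", arg)
            if m:
                level = int(m.group())       # the last occurrence wins
        elif name in HOOKS:
            hooks.append((no, name, arg))
    return level, hooks

def scripts_permitted(text):
    """True when the config lets OpenVPN call user-defined scripts (level >= 2)."""
    return audit_openvpn_config(text)[0] >= 2

# Constructed samples, not taken from a WAGO device.
SAMPLE_RISKY = """client
dev tun
# constructed sample
script-security 2
up /tmp/example-up.sh
"""

SAMPLE_HARDENED = """client
dev tun
script-security 1
;up /tmp/example-up.sh
"""

if __name__ == "__main__":
    for label, cfg in (("risky", SAMPLE_RISKY), ("hardened", SAMPLE_HARDENED)):
        level, hooks = audit_openvpn_config(cfg)
        print(label, "script-security =", level, "hooks =", hooks)
```

A configuration that reports level 2 or higher together with any hook directive deserves review, since each listed hook names a command that OpenVPN will execute.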