Summary
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.
The following versions of WAGO GmbH & Co. KG Industrial Managed Switches are affected:
- WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1812 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1813 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.2.3.S0 WAGO_Hardware_852-1813/000-001 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1816 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.2.8.S0 WAGO_Hardware_852-303 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.2.0.S0 WAGO_Hardware_852-1305 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.2.0.S0 WAGO_Hardware_852-1305/000-001 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.2.0.S0 WAGO_Hardware_852-1505/000-001 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.1.9.S0 WAGO_Hardware_852-1505 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.0.6.S0 WAGO_Hardware_852-602 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.0.6.S0 WAGO_Hardware_852-603 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.2.5.S0 WAGO_Hardware_852-1605 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1812/010-000 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1813/010-000 (CVE-2026-3587)
- WAGO Firmware versions prior to V1.2.1.S0 WAGO_Hardware_852-1816/010-000 (CVE-2026-3587)
- WAGO Firmware version V1.0.6.S0 WAGO_Hardware_852-602 (CVE-2026-3587)
- WAGO Firmware version V1.0.6.S0 WAGO_Hardware_852-603 (CVE-2026-3587)
- WAGO Firmware version V1.1.9.S0 WAGO_Hardware_852-1505 (CVE-2026-3587)
- WAGO Firmware version V1.2.0.S0 WAGO_Hardware_852-1305 (CVE-2026-3587)
- WAGO Firmware version V1.2.0.S0 WAGO_Hardware_852-1305/000-001 (CVE-2026-3587)
- WAGO Firmware version V1.2.0.S0 WAGO_Hardware_852-1505/000-001 (CVE-2026-3587)
- WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1812 (CVE-2026-3587)
- WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1813 (CVE-2026-3587)
- WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1816 (CVE-2026-3587)
- WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1812/010-000 (CVE-2026-3587)
- WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1813/010-000 (CVE-2026-3587)
- WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1816/010-000 (CVE-2026-3587)
- WAGO Firmware version V1.2.3.S0 WAGO_Hardware_852-1813/000-001 (CVE-2026-3587)
- WAGO Firmware version V1.2.5.S0 WAGO_Hardware_852-1605 (CVE-2026-3587)
- WAGO Firmware version V1.2.8.S0 WAGO_Hardware_852-303 (CVE-2026-3587)
- WAGO Firmware version V1.2.1.S0 WAGO_Hardware_852-1813/010-001 (CVE-2026-3587)
- WAGO Firmware version V1.2.1.S1 WAGO_Hardware_852-1813/010-001 (CVE-2026-3587)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 10 | WAGO | WAGO GmbH & Co. KG Industrial Managed Switches | Hidden Functionality |
Background
- Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, Transportation Systems
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany
Vulnerabilities
CVE-2026-3587
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.
Affected Products
WAGO GmbH & Co. KG Industrial Managed Switches
Vendor:
WAGO
WAGO
Product Version:
WAGO WAGO Firmware versions prior to V1.2.1.S0: WAGO_Hardware_852-1812, WAGO WAGO Firmware versions prior to V1.2.1.S0: WAGO_Hardware_852-1813, WAGO WAGO Firmware versions prior to V1.2.3.S0: WAGO_Hardware_852-1813/000-001, WAGO WAGO Firmware versions prior to V1.2.1.S0: WAGO_Har
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
WAGO WAGO Firmware versions prior to V1.2.1.S0: WAGO_Hardware_852-1812, WAGO WAGO Firmware versions prior to V1.2.1.S0: WAGO_Hardware_852-1813, WAGO WAGO Firmware versions prior to V1.2.3.S0: WAGO_Hardware_852-1813/000-001, WAGO WAGO Firmware versions prior to V1.2.1.S0: WAGO_Har
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from All CISA Advisories
Read the original article: