WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505 (ICSA-19-164-02)

The NCCIC has published an advisory on use of hard-coded credentials, use of hard-coded cryptographic key, and using components with known vulnerabilities in WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505. Multiple products and multiple versions of these products are affected. Successful exploitation of these vulnerabilities could allow a compromise of the managed switch, resulting in disruption of communication, and root access to the operating system. WAGO recommends users update their managed switch to the latest firmware. The NCCIC also advises of a series of mitigating measures for these vulnerabilities. Read the advisory at NCCIC/ICS-CERT.