CRITICAL🇵🇱 Wersja polska

CVE-2025-41732

CVSS 9.8v3.1pub. 2025-12-10upd. 2025-12-19

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.

🤖 AI Analysis
How it works

The vulnerability results from unsafe use of the sscanf() function within the check_cookie() function, which does not verify the length of input data before writing it to fixed-size buffers on the stack. An attacker can provide specially crafted data, causing arbitrary content to be written beyond the boundaries of the allocated buffer (stack-based buffer overflow, CWE-121, CWE-787). Stack overflow allows overwriting critical process control structures, leading to arbitrary code execution.

Impact

An attacker gains full control over the attacked device without needing any credentials, which includes the ability to read and modify configuration data, disrupt device operation, and use it as an entry point for further attacks on the industrial network.

Mitigation & patch

Apply patches available from the manufacturer according to the references — detailed information about available firmware updates is contained in the CERT@VDE VDE-2025-095 advisory (https://certvde.com/de/advisories/VDE-2025-095). Until the update is applied, restrict network access to WAGO 0852 devices through network segmentation, firewall, or VPN, preventing access by unauthorized hosts.

Who is affected

WAGO 0852-1322 and WAGO 0852-1328 devices along with their firmware; specific firmware versions indicated in the manufacturer's references (CERT@VDE advisory VDE-2025-095).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Wago 0852 1322

    HW
    Wago
    wszystkie wersje
  • Wago 0852 1322 Firmware

    OS
    Wago
    < 02.64
  • Wago 0852 1328

    HW
    Wago
    wszystkie wersje
  • Wago 0852 1328 Firmware

    OS
    Wago
    < 02.64
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-41730CRITICAL9.8PL ✓ten sam produkt

Stack buffer overflow w urządzeniach Wago 0852 – pełne przejęcie urządzenia

CVE-2023-4149CRITICAL9.8PL ✓ten sam vendor

WAGO 0852 — command injection w panelu zarządzania WWW (root RCE)

CVE-2023-1698CRITICAL9.8ten sam vendor

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users an...

CVE-2022-45138CRITICAL9.8ten sam vendor

The configuration backend of the web-based management can be used by unauthenticated users, although only auth...

CVE-2022-45140CRITICAL9.8ten sam vendor

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the s...