Summary
WAGO reports a critical CVSS 10.0 vulnerability (CVE-2026-3587) in its industrial managed switches that allows unauthenticated remote attackers to escape the CLI and gain full device control. The flaw affects numerous models used in critical infrastructure.
Take Action:
Make sure all WAGO managed switches (Lean and Industrial series) are isolated from the internet and accessible from trusted networks only. Then update the firmware to the latest "S1" patched versions if you can't patch immediately, disable SSH and Telnet so the command line is only reachable through a physical connection on the device itself.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)