CVE-2024-41973— WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices

CVSS 8.1 · High EPSS 1.82% · P83 Updated Aug 28, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-41973

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices

Source: NVD (National Vulnerability Database)

Vulnerability Description

A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

路径遍历：’…/…//’

Source: NVD (National Vulnerability Database)

Vulnerability Title

WAGO多款产品安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WAGO PFC100等都是德国万可（WAGO）公司的产品。WAGO PFC100是一款可编程逻辑控制器（PLC）。WAGO CC100 0751-9x01是一款紧凑型控制器。WAGO Edge Controller 0752-8303/8000-0002是一款控制器。 WAGO多款产品存在安全漏洞，该漏洞源于低权限远程攻击者可以指定文件系统上的任意文件，从而导致使用root权限写入任意文件。以下产品受到影响：WAGO CC100 0751-9x01、WAGO Edge Controller 0752-8

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
WAGO	CC100 0751-9x01	0.0.0 ~ 4.5.10 (FW27)	-
WAGO	PFC100 G2 0750-811x-xxxx-xxxx	0.0.0 ~ 4.5.10 (FW27)	-
WAGO	PFC200 G2 750-821x-xxx-xxx	0.0.0 ~ 4.5.10 (FW27)	-
WAGO	TP600 0762-420x/8000-000x	0.0.0 ~ 4.5.10 (FW27)	-
WAGO	TP600 0762-430x/8000-000x	0.0.0 ~ 4.5.10 (FW27)	-
WAGO	TP600 0762-520x/8000-000x	0.0.0 ~ 4.5.10 (FW27)	-
WAGO	TP600 0762-530x/8000-000x	0.0.0 ~ 4.5.10 (FW27)	-
WAGO	TP600 0762-620x/8000-000x	0.0.0 ~ 4.5.10 (FW27)	-
WAGO	TP600 0762-630x/8000-000x	0.0.0 ~ 4.5.10 (FW27)	-
WAGO	Edge Controller 0752-8303/8000-0002	0.0.0 ~ 4.5.10 (FW27)	-
WAGO	PFC200 G2 0750-821x/xxx-xxx	0.0.0 ~ 04.04.03 (70)	-
WAGO	CC100 0751/9x01	0.0.0 ~ 04.03.03 (72)	-
WAGO	CC100 0751/9x01	0.0.0 ~ 04.04.03 (70)	-

II. Public POCs for CVE-2024-41973

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-41973

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2024-41973

Same Patch Batch · WAGO · 2024-11-18 · 8 CVEs total

CVE-2024-41969	8.8 HIGH	WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices
CVE-2024-41967	8.1 HIGH	WAGO: Boot Mode Manipulation in Multiple Devices
CVE-2024-41971	8.1 HIGH	WAGO: Arbitrary File Overwrite in Multiple Devices
CVE-2024-41974	7.1 HIGH	WAGO: BACNet Service Property Modification Due to Permission Misconfiguration in Multiple
CVE-2024-41972	6.5 MEDIUM	WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices
CVE-2024-41970	5.7 MEDIUM	WAGO: Unauthorized Diagnostic Data Exposure in Multiple Devices
CVE-2024-41968	5.4 MEDIUM	WAGO: Docker Settings Manipulation in Multiple Devices

IV. Related Vulnerabilities

Same product: CC100 0751-9x01

Same vendor: WAGO

Same weakness: CWE-35

V. Comments for CVE-2024-41973

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-41973— WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices

I. Basic Information for CVE-2024-41973

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-41973

III. Intelligence Information for CVE-2024-41973

Same Patch Batch · WAGO · 2024-11-18 · 8 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-41973

Leave a comment