# Critical Vulnerability Discovered in WAGO Industrial Managed Switches: Unauthenticated Remote Code Execution Possible
A critical vulnerability has been discovered in **WAGO** Industrial Managed Switches, potentially allowing unauthenticated remote attackers to gain full control of affected devices. The flaw resides in a hidden function within the command-line interface (CLI), enabling attackers to bypass restrictions and execute arbitrary code.
## WAGO Industrial Managed Switches Vulnerable to Remote Code Execution
Security researchers have uncovered a serious vulnerability affecting a range of **WAGO GmbH & Co. KG** Industrial Managed Switches. Tracked as **CVE-2026-3587**, the vulnerability stems from a hidden function within the device's CLI prompt.
### Technical Details
An unauthenticated remote attacker can exploit this hidden functionality to escape the restricted CLI environment. Successful exploitation leads to complete compromise of the device, granting the attacker elevated privileges and the ability to execute arbitrary commands. This could allow for malicious activities such as data theft, network disruption, or the deployment of malware.
### Affected Products
The vulnerability affects a wide range of **WAGO** Industrial Managed Switches running specific firmware versions:
* WAGO_Hardware_852-1812: Firmware version V1.2.1.S0 and all prior versions
* WAGO_Hardware_852-1813: Firmware version V1.2.1.S0 and all prior versions
* WAGO_Hardware_852-1813/000-001: Firmware version V1.2.3.S0 and all prior versions
* WAGO_Hardware_852-1816: Firmware version V1.2.1.S0 and all prior versions
* WAGO_Hardware_852-303: Firmware version V1.2.8.S0 and all prior versions
* WAGO_Hardware_852-1305: Firmware version V1.2.0.S0 and all prior versions
* WAGO_Hardware_852-1305/000-001: Firmware version V1.2.0.S0 and all prior versions
* WAGO_Hardware_852-1505/000-001: Firmware version V1.2.0.S0 and all prior versions
* WAGO_Hardware_852-1505: Firmware version V1.1.9.S0 and all prior versions
* WAGO_Hardware_852-602: Firmware version V1.0.6.S0 and all prior versions
* WAGO_Hardware_852-603: Firmware version V1.0.6.S0 and all prior versions
* WAGO_Hardware_852-1605: Firmware version V1.2.5.S0 and all prior versions
* WAGO_Hardware_852-1812/010-000: Firmware version V1.2.1.S0 and all prior versions
* WAGO_Hardware_852-1813/010-000: Firmware version V1.2.1.S0 and all prior versions
* WAGO_Hardware_852-1816/010-000: Firmware version V1.2.1.S0 and all prior versions
* WAGO_Hardware_852-1813/010-001: Firmware version V1.2.1.S1
The product status for the affected products is currently listed as `known_affected`.
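An added example, not part of the original article or of WAGO's advisory: a Python check of a switch inventory against the list above. The hostnames, the sample firmware readings and the numeric left-to-right ordering of version fields are assumptions; order numbers are matched exactly because variants such as 852-1813/000-001 carry a different limit from the base model.

```python
import re

# Highest affected firmware per order number, transcribed from the list above.
AFFECTED_UP_TO = {
    "V1.2.1.S0": ["852-1812", "852-1813", "852-1816", "852-1812/010-000",
                  "852-1813/010-000", "852-1816/010-000"],
    "V1.2.3.S0": ["852-1813/000-001"],
    "V1.2.8.S0": ["852-303"],
    "V1.2.0.S0": ["852-1305", "852-1305/000-001", "852-1505/000-001"],
    "V1.1.9.S0": ["852-1505"],
    "V1.0.6.S0": ["852-602", "852-603"],
    "V1.2.5.S0": ["852-1605"],
}
AFFECTED_EXACT = {"852-1813/010-001": "V1.2.1.S1"}  # only this version is listed
VERSION_RE = re.compile(r"V(\d+)\.(\d+)\.(\d+)\.S(\d+)", re.IGNORECASE)

def parse_version(text):
    """'V1.2.1.S0' -> (1, 2, 1, 0). Assumption: fields order numerically, left to right."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g) for g in m.groups())

LIMITS = {m: parse_version(v) for v, models in AFFECTED_UP_TO.items() for m in models}

def classify(model, firmware):
    """Return 'affected', 'not_listed' or 'unknown' for one inventory row."""
    model = model.strip()
    if model not in LIMITS and model not in AFFECTED_EXACT:
        return "not_listed"
    try:
        version = parse_version(firmware)
    except ValueError:
        return "unknown"  # listed model, unreadable version: verify by hand
    exact = AFFECTED_EXACT.get(model)
    hit = version == parse_version(exact) if exact else version <= LIMITS[model]
    return "affected" if hit else "not_listed"

# Constructed sample inventory: hostnames and firmware readings are made up.
INVENTORY = [
    ("sw-line1", "852-1813", "V1.2.2.S0"),          # above the base model's limit
    ("sw-line2", "852-1813/000-001", "V1.2.2.S0"),  # variant has a higher limit
    ("sw-line3", "852-1813/010-001", "V1.2.1.S1"),
    ("sw-pack2", "852-1605", "1.2.5"),              # not in the expected format
]

if __name__ == "__main__":
    for host, model, fw in INVENTORY:
        print(host, model, fw, classify(model, fw))
```

A result of `not_listed` means only that the model and version pair does not appear in the list above; it is not a statement that the firmware is fixed.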
### CWE-912: Hidden Functionality
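This vulnerability is categorized under **CWE-912**, which covers products containing functionality that is not documented, not part of the specification, and not reachable through an interface or command sequence obvious to users or administrators. Such hidden functionality can be exploited for malicious purposes.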
### Mitigation
**WAGO** has released firmware updates to address this vulnerability. Users of the affected devices are strongly advised to update to the latest firmware versions as soon as possible. Refer to the **WAGO** security advisories for detailed instructions on how to update your devices.
[View CVE Details](https://www.cve.org/CVERecord?id=CVE-2026-3587)