WAGO Web-Based Management Default Login Scanner

This scanner detects the use of WAGO Web-Based Management in digital assets. It identifies interfaces that are accessible using default credentials, exposing critical OT infrastructure to unauthorized access.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 24 days 13 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

WAGO Web-Based Management interfaces allow users to configure and monitor programmable logic controllers (PLCs) and automation systems. These tools are used in manufacturing plants, process industries, and commercial automation settings. System integrators, engineers, and IT professionals use these interfaces to manage systems and keep them performing well. If default credentials remain unchanged, unauthorized users can target these interfaces. Default credentials left in place are a low-barrier weakness that can compromise industrial control systems. Routine security checks and configuration changes are crucial in protecting such vital infrastructure from unauthorized access.

The detection focuses on identifying instances where WAGO Web-Based Management interfaces have not had their default credentials changed. This is relevant as many users neglect or forget to update default settings during initial configurations. Detection is important as it aids in preventing unauthorized access to critical interfaces used for managing industrial control systems. By detecting interfaces that still use default credentials, organizations are alerted to potential access points for malicious actors. Failing to address this vulnerability could lead to unauthorized monitoring and manipulation of system settings. This simple oversight exposes organizations to excessive risk and potential operational disruption.

The check exercises the login function of the WAGO web-based interface using the default credentials ‘admin:wago’. The scanner sends a POST request to the /wbm/login.php endpoint to authenticate. A successful login with these credentials suggests the interface remains in its default configuration state. The scanner also checks for specific match conditions in the HTTP response, including a response body specifying default credential usage and a 200 status code. When these conditions match, the interface is reported as vulnerable because its default credentials are unchanged. These details show how accessible system administration components can become if defaults are not updated.

If an unauthorized party exploits this vulnerability, it can lead to the compromise of the WAGO Web-Based Management interfaces. A successful attack enables attackers to interfere with industrial processes controlled by WAGO systems. This could result in unauthorized changes to system settings, leading to operational disruptions. Attackers may gather sensitive information, affecting confidentiality. Exploited systems may also become entry points for wider network infections or other malicious activities. Maintaining default credentials weakens the entire security posture of the organization, risking both safety and productivity.
