PatchSiren

CVE-2016-9362 Wago CVE debrief

CVE-2016-9362 is a critical authentication flaw in the web server of several WAGO controllers. According to the CVE description, an attacker can use a specific URL to view and edit settings without authenticating. The issue was publicly disclosed on 2017-02-13 and carries a CVSS 3.0 score of 9.1.

Vendor: Wago
Product: CVE-2016-9362
CVSS: CRITICAL 9.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

OT and industrial automation teams running affected WAGO 750-8202/PFC200, 750-881, or 0758-0874-0000-0111 devices should treat this as urgent. Any environment exposing the controller web interface to untrusted networks should prioritize review and remediation.

Technical summary

NVD classifies the weakness as CWE-287 (Improper Authentication) and rates it CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. That means the flaw is remotely reachable, requires no privileges or user interaction, and can expose confidential settings while allowing integrity-impacting changes. The supplied description indicates affected firmware versions were older than WAGO FW04 for 750-8202/PFC200 and FW09 for 750-881.

Defensive priority

Critical. This is a network-exploitable, unauthenticated access-control failure on an industrial controller web interface with high confidentiality and integrity impact.

Recommended defensive actions

  • Identify whether any WAGO 750-8202/PFC200, 750-881, or 0758-0874-0000-0111 devices are in use.
  • Determine whether the web server management interface is reachable from untrusted or broader-than-necessary network segments.
  • Apply the vendor-referenced firmware updates or later versions corresponding to FW04 or FW09, as applicable to the device.
  • Restrict access to the controller web interface with network controls such as segmentation, allowlists, or jump hosts.
  • Review controller settings for unexpected changes and preserve logs or configuration backups for comparison.
  • If remediation must be delayed, isolate the device and limit exposure to authenticated administrative paths only.

Evidence notes

The summary is based on the supplied CVE description, which states that a malicious user can access a specific URL on the web server to view and edit settings without authenticating. NVD metadata in the corpus provides the CVSS vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N and CWE-287. The linked ICS-CERT advisory reference (ICSA-16-357-02) is included in the source corpus as supporting context.

Official resources

Publicly disclosed on 2017-02-13. The description says the affected firmware versions were prior to WAGO FW04 for 750-8202/PFC200 and prior to FW09 for 750-881, with the release timing of those firmware versions noted as August 2015 and 201