Skip to main content

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 23, 2026 - 08:15 euvd
EUVD-2026-14385
Analysis Generated
Mar 23, 2026 - 08:15 vuln.today
CVE Published
Mar 23, 2026 - 07:49 nvd
CRITICAL 10.0

DescriptionCVE.org

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.

AnalysisAI

A hidden function in the CLI prompt of multiple WAGO industrial and lean managed switches allows unauthenticated remote attackers to escape the restricted interface and gain root access to the underlying Linux operating system. This results in complete device compromise with a maximum CVSS score of 10.0. The vulnerability affects over a dozen WAGO switch models used in industrial automation environments, and was disclosed by CERT@VDE.

Technical ContextAI

This vulnerability affects WAGO industrial and lean managed switch products running Linux-based firmware with a restricted CLI interface. The root cause is CWE-912 (Hidden Functionality), indicating the presence of undocumented or improperly restricted commands accessible through the command-line interface. Affected products include the Lean Managed Switch series (852-1812, 852-1813, 852-1816 and their variants) and Industrial Managed Switch series (852-303, 852-602, 852-603, 852-1305, 852-1505, 852-1605 and their variants). The CLI should enforce a restricted shell environment to prevent access to the underlying operating system, but a hidden function bypasses these restrictions entirely, allowing shell escape to gain root privileges on the Linux OS without any authentication requirement.

RemediationAI

Consult the CERT@VDE advisory at https://certvde.com/de/advisories/VDE-2026-020 for vendor-provided firmware updates that remove or properly restrict the hidden CLI function. Until firmware updates can be applied, implement network-level compensating controls including restricting management interface access to dedicated management VLANs accessible only from trusted administrator workstations, deploying firewall rules to block CLI/SSH access from untrusted networks, and implementing network segmentation to isolate affected switches from public networks. Disable remote management interfaces entirely if local console access is feasible for your operational requirements. Monitor network traffic for unexpected CLI access attempts and unauthorized connection patterns to these devices.

Share

CVE-2026-3587 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy