Cyber Resilience

CVE-2024-1490

HighRCE

Published: 09 April 2026

Published
09 April 2026
Modified
13 April 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0010 27.9th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-1490 is a high-severity Code Injection (CWE-94) vulnerability in Certvde (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-1490 is a code injection vulnerability (CWE-94) in the OpenVPN configuration feature accessible via the web-based management interface of WAGO PLC devices. Published on 2026-04-09, it enables an authenticated remote attacker with high privileges to execute arbitrary shell commands on the device, provided that user-defined scripts are permitted in the OpenVPN setup. The vulnerability carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

Exploitation requires an attacker to first gain high-privilege authenticated access remotely over the network. From there, they can manipulate the OpenVPN configuration through the web interface to inject and trigger arbitrary shell commands, achieving full remote code execution on the PLC. This could allow complete device compromise, such as data exfiltration, modification of PLC operations, or further lateral movement in industrial environments.

Mitigation guidance is detailed in advisories including VDE-2024-008 from CERT VDE (https://certvde.com/de/advisories/VDE-2024-008) and the associated CSAF provider JSON (https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json). Security practitioners should consult these for patching instructions, configuration hardening, and disabling unnecessary user-defined scripts in OpenVPN.

EU & UK References

Vulnerability details

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run…

more

arbitrary commands on the device.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct code injection in web management interface of public-facing PLC enables remote exploitation for arbitrary command execution (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-13773Shared CWE-94
CVE-2025-50692Shared CWE-94
CVE-2026-30643Shared CWE-94
CVE-2026-30460Shared CWE-94
CVE-2025-71243Shared CWE-94
CVE-2026-44262Shared CWE-94
CVE-2024-13792Shared CWE-94
CVE-2020-37052Shared CWE-94
CVE-2026-42555Shared CWE-94
CVE-2025-65037Shared CWE-94

Affected Assets

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through vendor patching directly eliminates the code injection vulnerability in the OpenVPN configuration feature.

prevent

Least functionality restricts or prohibits user-defined scripts in OpenVPN, preventing the prerequisite condition for arbitrary shell command execution.

prevent

Information input validation on the web-based management interface blocks malicious code injection into OpenVPN configurations.

References