Finding WAGO 750–88x PLC Using Google
Welcome to the 16th installment of “OT Hunt” where we delve into the world of ICS/OT devices connected to the internet. The primary aim of this series is to raise awareness within the ICS community and serve as a wake-up call for both asset owners and ICS/OT vendors to fortify their assets against potential cyber threats.
In our last article, we discussed the WAGO PLC 750–88x and how to find it on Shodan. If you missed it, you can check it out here. This time, we’ll take a different approach and try to find the WAGO PLC 750–88x using Google, completely free of charge. This method provides juicier information and demonstrates the power of OSINT using Google filters.
This OSINT technique exposes web interfaces for PLCs connected and managed from the internet. Use the following search queries to find web-based management interfaces of WAGO PLCs. Here’s how you can do it:
Technique 1: Search by Model Number
To find WAGO 750–880, use:
intitle:"WAGO Ethernet web-based-management" intext:"750-880"Technique 2: List or Find Existing Firmware
To discover firmware revision details, use:
intitle:"WAGO Ethernet web-based-management" intext:"Firmware revision"Technique 3: Search by MAC Address
Finding devices by their MAC address can be done with:
intitle:"WAGO Ethernet web-based-management" intext:"Mac address"Technique 4: Search by Order/Version Number
You can search for specific order or version numbers using:
intitle:"WAGO Ethernet web-based-management" intext:"Order number"Technique 5: List/Find Internal IP
To find internal IP addresses, use:
intitle:"WAGO Ethernet web-based-management" intext:"IP address"Critical infrastructure security and safety are crucial. Some asset owners have their PLCs connected to the internet. As demonstrated, by looking at the PLC web management website, you can obtain a lot of information about the PLC, its network, and other important details like version numbers, which may be vulnerable or unpatched, leading to potential exploits with a little research on how to do that. Login forms exist too; they could be exploited with some web hacking techniques. Check OWASP Top 10 for a list of common web security issues.
In closing, I invite you to explore our project, ICSRank — a unique tool tailored for the ICS/OT domain, exemplifying our commitment to enhancing ICS/OT cybersecurity. With its capabilities to Discover, Assess, and Secure, ICSRank stands as a vital resource in fortifying ICS/OT environments against cyber threats.
