WAGO Kontakttechnik GmbH — 00:30:DE (MA-L)

WAGO Kontakttechnik GmbH holds a single IEEE MA-L block, 00:30:DE, registered to the legacy address Hansastrasse 27, 32423 Minden, Germany — the company's headquarters in North Rhine-Westphalia, with a second major manufacturing site in Sondershausen, Thuringia. WAGO is a privately held, family-owned firm (operating today as WAGO Kontakttechnik GmbH & Co. KG) founded in 1951, with roughly 9,000 employees worldwide. While WAGO's heritage and largest business line is spring-clamp terminal blocks and electrical interconnect, the products that actually carry this OUI are its industrial automation and networking devices: PFC100/PFC200 and 750-Series programmable fieldbus controllers, Edge Controllers, fieldbus and Ethernet couplers (Modbus TCP, PROFINET, EtherNet/IP, CANopen, PROFIBUS), I/O modules, Touch Panel 600 HMIs, and managed/unmanaged industrial Ethernet switches. Because these are operational-technology (OT) endpoints, a 00:30:DE address on a network is a strong signal of an industrial control device — typically a PLC, coupler, or industrial switch on a plant floor, in building automation (BACnet/IP), or in energy and process infrastructure. That carries security weight: WAGO controllers have an extensive published CVE and CISA-advisory history, including pre-authentication remote-code-execution chains (CVE-2021-34566/34567 in the I/O-Check service) and critical missing-authentication flaws in the Web-Based Management interface (CVE-2022-45138/45140), plus the OT:Icefall-era DoS issues in 750-Series CODESYS runtimes (CVE-2023-1619/1620). Seeing one of these MACs outside an isolated OT VLAN is itself a segmentation concern. As with all IEEE OUI work, no registration date is available — IEEE publishes none, and any "date registered" on third-party lookup tools is a database artifact, not an IEEE fact.

IEEE assignment

00:30:DE → WAGO Kontakttechnik GmbH, registered Hansastrasse 27, 32423 Minden, DE [Confirmed] — IEEE MA-L (enrichment/registries/oui.csv, row MA-L,0030DE,WAGO Kontakttechnik GmbH,Hansastrasse 27 32423 Minden DE); corroborated https://maclookup.app/vendors/wago-kontakttechnik-gmbh, https://www.cleancss.com/mac-lookup/00-30-DE

Registry / block size

MA-L (24-bit OUI; ~16.7M addresses) [Confirmed] — IEEE MA-L registry / https://maclookup.app/vendors/wago-kontakttechnik-gmbh. NOTE: IEEE's public OUI data publishes NO assignment/registration date (oui.csv columns are only Registry, Assignment, Organization Name, Organization Address); any "date registered" on third-party tools is a database artifact, not an IEEE fact.

Additional assignments

None found — 00:30:DE is the only WAGO prefix across the MA-L, MA-M (mam.csv), and MA-S (oui36.csv) registries [Confirmed] — IEEE registry CSVs (no WAGO match in mam.csv / oui36.csv)

HQ / country

Hansastrasse 27, 32423 Minden, North Rhine-Westphalia, Germany (registry address; second major site in Sondershausen, Thuringia) [Confirmed] — IEEE MA-L / https://en.wikipedia.org/wiki/WAGO_GmbH / https://www.cleancss.com/mac-lookup/00-30-DE

Company status

active — privately held family-owned company (WAGO Kontakttechnik GmbH & Co. KG), founded 1951, ~9,000 employees worldwide, 2025 revenue ≈ €1.34 billion [Confirmed] — https://en.wikipedia.org/wiki/WAGO_GmbH

Device types

industrial automation products — PLCs (PFC100, PFC200, 750-Series, XTR), fieldbus/Ethernet couplers (Modbus TCP, PROFINET, EtherNet/IP, CANopen, PROFIBUS), I/O modules, Edge Controllers, Touch Panel 600 HMIs, industrial Ethernet switches [Confirmed] — https://www.wago.com/us/plcs / https://www.wago.com/us/discover-io-systems / https://www.wago.com/global/automation-technology/industrial-ethernet-switches / https://www.farnell.com/datasheets/1788122.pdf

Notable products

PFC200 controller, 750-Series fieldbus system, spring-clamp terminal blocks (company's primary product heritage; the OUI-bearing line is the automation/networking range)

Supported protocols

Modbus TCP/IP, EtherNet/IP, PROFINET, BACnet/IP, HTTP, SNMP, FTP, DHCP, DNS, SNTP [Confirmed] — https://www.wago.com/us/discover-io-systems / https://www.farnell.com/datasheets/1788122.pdf

Industry sectors

industrial automation and manufacturing; process automation; building automation (BACnet/IP); energy supply and grid infrastructure; transportation; commercial facilities — especially prevalent across Europe (Germany, France, Turkey) per OT-security research [Confirmed] — https://www.wago.com/us/automation-technology / https://www.securityweek.com/oticefall-vulnerabilities-identified-in-wago-controllers/

Security context

WAGO OT/ICS devices have a documented CVE history and multiple CISA ICS advisories. (1) CVE-2021-34566 (shared-memory overflow) + CVE-2021-34567 (out-of-bounds read) in PFC100/PFC200/Edge Controller/Touch Panel 600 — chainable for pre-auth RCE via crafted packets to the iocheckd I/O-Check service; patched June 2021 (FW18 Patch 3). (2) CVE-2022-45138 / CVE-2022-45140 (Critical — missing authentication for critical function) in Web-Based Management across CC100/Edge Controller/PFC100/PFC200/Touch Panel 600 (FW16–FW23): unauthenticated parameter read/write and root-privilege arbitrary write enabling full takeover; CVE-2022-45137 (reflected XSS) and CVE-2022-45139 (CORS misconfig) also present (researcher Ryan Pickren, Georgia Tech). (3) CVE-2023-1619 / CVE-2023-1620 in 750 controllers (CODESYS v2 runtime): authenticated DoS via malformed packets and insufficient session expiration, recovery needs manual reboot — featured in OT:Icefall research (Forescout, 2023). (4) CISA advisories ICSA-18-088-01 and ICSA-19-106-02 cover DoS and user enumeration in 750-88x/750-87x CODESYS service. Standard CISA mitigations apply: segment OT networks behind firewalls, do not expose to the internet, disable I/O-Check post-commissioning. Hundreds of WAGO PFC devices have been observed internet-exposed. [Confirmed] — https://www.securityweek.com/vulnerabilities-wago-devices-expose-industrial-firms-remote-attacks/ / https://cyble.com/blog/critical-vulnerabilities-in-wago-web-based-management-system/ / https://www.securityweek.com/oticefall-vulnerabilities-identified-in-wago-controllers/ / https://www.cisa.gov/news-events/ics-advisories/icsa-19-106-02 / https://www.cisa.gov/news-events/ics-advisories/icsa-18-088-01

Analyst note

A 00:30:DE MAC almost certainly indicates an industrial OT device — a WAGO PLC, fieldbus coupler, or industrial switch, and a high-value target in OT/ICS environments. Finding one on an IT/corporate segment rather than an isolated OT VLAN is a segmentation concern. These devices may expose HTTP management interfaces and CODESYS runtime ports; default credentials are a known risk vector per the CVE-2022-45138/45140 advisories. [Confirmed] — https://cyble.com/blog/critical-vulnerabilities-in-wago-web-based-management-system/ / https://www.securityweek.com/vulnerabilities-wago-devices-expose-industrial-firms-remote-attacks/