WAGO 750-8xx Controller Denial of Service

VDE-2018-013 (2018-08-17 12:45 UTC+0200)

CVE Identifier

n/a

Affected Vendors

WAGO

Affected Products

Wago 750-889 Controller KNX IP, Version 01.07.13(10)
Wago 750-8100 Controller PFC100, Version 02.05.23(08)
Wago 750-880 Controller ETH., Version 01.07.03(10)
Wago 750-831 Controller BACnet/IP, Version 01.02.29(09)

Summary

The 750-8xx controller are susceptible to a Denial-of-Service attack due to a flood of network packets.

Please consult the original paper for details (link at the bottom of this advisory).

Impact

High network load can consume CPU power in such a way that the normal operation of the device can be affected, i.e. the configured cycle time can be influenced. After high network load is removed, the device continues to operate in normal mode.

Solution

We recommend to operate the devices in closed networks or protect with a firewall against unauthorized access. Another, recommended mitigation is to limit the network traffic via the switch rate limit feature according to your application needs.

The switch rate limit can be configured e.g. via Web based Management to minimize the effect of high network load:

750-8xx: Ethernet > "Misc. Configuration" > "internal Port" > "Output Limit Rate"

750-8xxx: Network > Ethernet > „Switch Configuration“ > „Rate Limit“

 

Please also consult the product manuals as this is a known problem for some devices:

750-880

  1. Go to https://www.wago.com/de/sps/controller-ethernet/p/750-880
  2. Select "Downloads"
  3. In section "Dokumentation" choose "ETHERNET Programmierbarer Feldbuscontroller 10 / 100 Mbit/s; digitale und analoge Signale V 2.3.0, 03.08.2016" and select your language for the manual.
  4. See section 9.3: Functional Restrictions and Limits

750-889

  1. Go to https://www.wago.com/de/sps/controller-ethernet/p/750-889
  2. Select "Downloads"
  3. In section "Dokumentation" choose "Controller KNX IP KNX IP Controller V 1.0.2, 04.10.2016" and select your language for the manual.
  4. See section 10.4: Functional Restrictions and Limits

750-831

  1. Go to https://www.wago.com/de/sps/controller-ethernet/p/750-831
  2. Select "Downloads"
  3. In section "Dokumentation" choose "BACnet/IP Programmierbarer Feldbuscontroller 10/100 Mbit/s; digitale und analoge Signale V 1.2.1, 20.02.2017" and select your language for the manual.
  4. See section 9.5: Functional Restrictions and Limits

 

 

Reported by

This vulnerability was reported by Matthias Niedermaier (Hochschule Augsburg), Jan-Ole Malchow (Freie Universität Berlin) and Florian Fischer (Hochschule Augsburg)

https://www.usenix.org/system/files/conference/woot18/woot18-paper-niedermaier.pdf