WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07

VDE-2020-027 (2020-09-30 13:06 UTC+0200)

CVE Identifier

CVE-2020-12505

Affected Vendors

WAGO

Affected Products

Product            Affected Versions
750-852            <= FW07
750-880/xxx-xxx    <= FW07
750-881            <= FW07
750-831/xxx-xxx    <= FW07
750-882            <= FW07
750-885/xxx-xxx    <= FW07
750-889            <= FW07

Vulnerability Type

Improper Authentication and Authorization (CWE-287)

Summary

The Web-Based Management (WBM) of WAGO's programmable logic controllers (PLCs) is typically used for administration, commissioning and updates.
With specially crafted requests, it is possible to change some special parameters without authentication.

Impact

This vulnerability allows an attacker who has access to the WBM to prevent the runtime application from loading after a restart of the device by sending specifically constructed requests without authentication.

Solution

Upgrade devices to the latest standard firmware.

Product            Fixed Versions
750-852            > FW07
750-880/xxx-xxx    > FW07
750-881            > FW07
750-831/xxx-xxx    > FW07
750-882            > FW07
750-885/xxx-xxx    > FW07
750-889            > FW07

Mitigation

  • Restrict network access to the device.
  • Do not directly connect the device to the internet.
  • Disable unused TCP/UDP ports.
  • Disable web-based management ports 80/443 after the configuration phase.
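
An added example, not part of the advisory or of WAGO's tooling: a Python check that runs an asset inventory against the affected-product table and the WBM port mitigation above. The record layout (order number, firmware string such as "FW07", list of open TCP ports) and the sample records are assumptions constructed for illustration.

```python
import re

# Advisory table: order number -> True if listed with a /xxx-xxx variant suffix.
AFFECTED = {"750-852": False, "750-880": True, "750-881": False, "750-831": True,
            "750-882": False, "750-885": True, "750-889": False}
LAST_AFFECTED_FW = 7     # advisory: versions <= FW07 are affected
WBM_PORTS = {80, 443}    # web-based management ports named under Mitigation

# Anchored patterns so that e.g. "750-8810" is not mistaken for "750-881".
ORDER_RE = re.compile(r"^(750-\d{3})(?:/(\d{3}-\d{3}))?$")
FW_RE = re.compile(r"^FW\s*(\d+)$", re.IGNORECASE)  # assumed inventory format

def assess(order_no, firmware, open_ports=()):
    """Return (status, notes); status is affected, fixed, review or not_listed."""
    m = ORDER_RE.match(order_no.strip())
    if not m or m.group(1) not in AFFECTED:
        return "not_listed", []
    base, variant = m.groups()
    if variant and not AFFECTED[base]:
        # The advisory lists this model without variants: do not guess.
        return "review", ["variant not listed in advisory"]
    fw = FW_RE.match(firmware.strip())
    if not fw:
        return "review", ["firmware string not understood"]
    if int(fw.group(1)) > LAST_AFFECTED_FW:
        return "fixed", []
    notes = ["upgrade to firmware > FW07"]
    exposed = sorted(WBM_PORTS & set(open_ports))
    if exposed:
        notes.append("WBM reachable on " + ", ".join(map(str, exposed)))
    return "affected", notes

# Constructed sample inventory: (order number, firmware, open TCP ports).
INVENTORY = [
    ("750-880/025-000", "FW07", [80, 502]),
    ("750-881", "FW10", [443]),
    ("750-852/000-001", "FW05", []),
    ("750-8810", "FW07", [80]),
    ("750-889", "fw 03", [80, 443]),
]

if __name__ == "__main__":
    for order_no, firmware, ports in INVENTORY:
        status, notes = assess(order_no, firmware, ports)
        print(f"{order_no:16} {firmware:6} {status:10} {'; '.join(notes)}")
```

Records that come back as "review" need a manual check against the vendor's firmware information rather than an automatic verdict.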

Reported by

Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO.

CERT@VDE coordinated.