WAGO: OpenSSL DoS Vulnerability in PLCs

VDE-2021-038 (2021-08-31 09:00 UTC+0200)

CVE Identifier

CVE-2021-34581

Affected Vendors

WAGO

Affected Products

Product Version
750-831/xxx-xxx FW4<=FW15
750-880/xxx-xxx
750-881
750-889

Summary

WAGO controllers have always been designed for easy connection to IT infrastructure. Even controllers from legacy product lines support encryption standards to ensure secure communication.
With specially crafted requests it is possible to take the device out of operation.
All listed devices are vulnerable to this denial of service attack.

CVE-2021-34581
Denial of Service vulnerability inside the OpenSSL implementation

Impact

This vulnerability allows an attacker who has access to the device to send a series of maliciously constructed packets that can take the device out of operation. The device needs a power-on reset to return to normal operation.

Solution

Update the device to the latest FW version.

Mitigation

  • Restrict network access to the device.
  • Do not directly connect the device to the internet.
  • Disable unused TCP/UDP ports.
  • Disable Web Based Management ports 80/443 after the configuration phase.
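
A defender-side check for the update and mitigation steps above, as an added example that is not part of the WAGO/CERT@VDE advisory: it flags inventory entries matching the listed item numbers and firmware range, and reports whether the Web Based Management ports 80/443 still accept TCP connections. The inventory format, the function names, and the reading that "FW4<=FW15" applies to all four listed products are assumptions.

```python
import re
import socket

# Item numbers listed under "Affected Products"; a /xxx-xxx variant suffix is ignored.
AFFECTED = re.compile(r"^750-(831|880|881|889)(/|$)")
# Assumption: the "FW4<=FW15" range on the page applies to every listed product.
FW_MIN, FW_MAX = 4, 15
WBM_PORTS = (80, 443)  # Web Based Management ports named in the mitigation list


def is_affected(item, firmware):
    """True if item number and firmware (e.g. 'FW12' or 12) fall in the advisory's range."""
    if not AFFECTED.match(item.strip()):
        return False
    m = re.search(r"\d+", str(firmware))
    return bool(m) and FW_MIN <= int(m.group()) <= FW_MAX


def open_ports(host, ports=WBM_PORTS, timeout=1.0):
    """Return the ports that accept a plain TCP connection; no payload is sent."""
    reachable = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                reachable.append(port)
        except OSError:  # refused, filtered or unreachable
            pass
    return reachable


def audit(inventory, probe=open_ports):
    """List affected controllers with the WBM ports still reachable on each."""
    findings = []
    for dev in inventory:
        if is_affected(dev["item"], dev["fw"]):
            findings.append({"host": dev["host"], "item": dev["item"], "fw": dev["fw"],
                             "open_wbm_ports": probe(dev["host"])})
    return findings


if __name__ == "__main__":
    # Constructed inventory; addresses are from the documentation range 192.0.2.0/24.
    inventory = [
        {"host": "192.0.2.10", "item": "750-880/025-000", "fw": "FW12"},
        {"host": "192.0.2.11", "item": "750-881", "fw": "FW16"},
    ]
    for f in audit(inventory):
        print(f"{f['host']} {f['item']} {f['fw']}: update firmware; "
              f"WBM ports open: {f['open_wbm_ports'] or 'none'}")
```

Run it from a management host that is permitted to reach the controllers; an empty port list for a device means the Web Based Management mitigation is in effect from that vantage point.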

Reported by

These vulnerabilities were reported to WAGO by: Uwe Disch, https://www.disch-online.de
Coordination done by CERT@VDE.