|Article No°||Product Name||Affected Version(s)|
|750-8100 (Controller PFC100)||<= 02.05.23(08)|
|750-831 (Controller BACnet/IP)||<= 01.02.29(09)|
|750-880 (Controller ETH)||<= 01.07.03(10)|
|750-889 (Controller KNX IP)||<= 01.07.13(10)|
The 750-8xx controller are susceptible to a Denial-of-Service attack due to a flood of network packets.
Please consult the original paper for details (link at the bottom of this advisory).
High network load can consume CPU power in such a way that the normal operation of the device can be affected, i.e. the configured cycle time can be influenced. After high network load is removed, the device continues to operate in normal mode.
We recommend to operate the devices in closed networks or protect with a firewall against unauthorized access. Another, recommended mitigation is to limit the network traffic via the switch rate limit feature according to your application needs.
The switch rate limit can be configured e.g. via Web based Management to minimize the effect of high network load:
750-8xx: Ethernet > "Misc. Configuration" > "internal Port" > "Output Limit Rate"
750-8xxx: Network > Ethernet > „Switch Configuration“ > „Rate Limit“
Please also consult the product manuals as this is a known problem for some devices:
Go to https://www.wago.com/de/sps/controller-ethernet/p/750-880
In section "Dokumentation" choose "ETHERNET Programmierbarer Feldbuscontroller 10 / 100 Mbit/s; digitale und analoge Signale V 2.3.0, 03.08.2016" and select your language for the manual.
See section 9.3: Functional Restrictions and Limits
Go to https://www.wago.com/de/sps/controller-ethernet/p/750-889
In section "Dokumentation" choose "Controller KNX IP KNX IP Controller V 1.0.2, 04.10.2016" and select your language for the manual.
See section 10.4: Functional Restrictions and Limits
Go to https://www.wago.com/de/sps/controller-ethernet/p/750-831
In section "Dokumentation" choose "BACnet/IP Programmierbarer Feldbuscontroller 10/100 Mbit/s; digitale und analoge Signale V 1.2.1, 20.02.2017" and select your language for the manual.
See section 9.5: Functional Restrictions and Limits
This vulnerability was reported by Matthias Niedermaier (Hochschule Augsburg), Jan-Ole Malchow (Freie Universität Berlin) and Florian Fischer (Hochschule Augsburg)