|Article No°||Product Name||Affected Version(s)|
|750-331/xxx-xxx||FW01 <= FW10|
|750-352||FW01 <= FW10|
|750-829||FW01 <= FW10|
|750-831/xxx-xxx||FW01 <= FW10|
|750-852||FW01 <= FW10|
|750-880/xxx-xxx||FW01 <= FW10|
|750-881||FW01 <= FW10|
|750-882||FW01 <= FW10|
|750-885||FW01 <= FW10|
|750-889||FW01 <= FW10|
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
Older firmware versions of the PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
All newer Firmware releases since FW11, released in December 2017, are not affected.
Additional, affected devices:
Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
An attacker which sends a series of maliciously constructed packets to HTTP(S) ports 80/443 could cause a crashed device, that needs a power on reset to go back to normal operation.
Update the device to the latest FW version available here:
This vulnerability was reported to WAGO by William Knowles (Applied Risk)