WAGO: PLC families 750-88x and 750-352 prone to DoS attack, versions < FW10 (Update A)
VDE-2020-042 (2020-10-27 11:28 UTC+0100)
CVE Identifier
CVE-2020-12516
Affected Vendors
WAGO
Affected Products
- 750-352
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
UPDATE A:
- 750-331/xxx-xxx
- 750-829
- 750-882
- 750-885
END UPDATE A
Firmware versions from FW1 to FW10 are affected. All firmware releases from FW11 onward (FW11 was released in December 2017) are not affected.
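An inventory triage for the product list and firmware range above, added here as an example (it is not WAGO's or CERT@VDE's code). The CSV layout, the `FWnn` firmware notation, the status strings and the sample hosts are constructed assumptions.

```python
import csv, io, re

# Order numbers copied from this advisory (incl. Update A).
# True = the advisory lists the item with /xxx-xxx variants.
AFFECTED = {
    "750-352": False, "750-831": True, "750-852": False, "750-880": True,
    "750-881": False, "750-889": False,
    "750-331": True, "750-829": False, "750-882": False, "750-885": False,
}
FW_FIRST, FW_LAST = 1, 10  # body text: FW1 to FW10 affected, FW11+ not affected

ORDER_RE = re.compile(r"^(\d{3}-\d{3})(?:/(\d{3}-\d{3}))?$")
FW_RE = re.compile(r"^(?:FW)?\s*0*(\d+)$", re.IGNORECASE)  # assumed notation

def triage(order_no, firmware):
    """Classify one device against the advisory's list and firmware range."""
    m = ORDER_RE.match(order_no.strip())
    if not m or m.group(1) not in AFFECTED:
        return "not listed"
    base, variant = m.groups()
    if variant and not AFFECTED[base]:
        # Advisory names only the base item; do not silently clear a variant.
        return "review variant"
    fw = FW_RE.match(firmware.strip())
    if not fw or int(fw.group(1)) < 1:
        return "unknown firmware"  # missing data must not read as "safe"
    n = int(fw.group(1))
    return "affected" if FW_FIRST <= n <= FW_LAST else "not affected"

def report(inventory_csv):
    """Map host -> status for a CSV with host, order_no, firmware columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: triage(r["order_no"], r["firmware"]) for r in rows}

# Constructed sample inventory (hosts, variants and firmware are made up).
SAMPLE = """host,order_no,firmware
plc-a,750-881,FW07
plc-b,750-880/025-000,FW10
plc-c,750-352,FW11
plc-d,750-8202,FW03
plc-e,750-885,
plc-f,750-881/000-001,FW05
"""

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown firmware` or `review variant` need a manual check before they are considered out of scope.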
Vulnerability Type
Uncontrolled Resource Consumption (CWE-400)
Summary
The Web-Based Management (WBM) of WAGO's programmable logic controllers (PLCs) is typically used for administration, commissioning and updates.
Older firmware versions of the PLC families 750-88x and 750-352 are vulnerable to a special denial-of-service attack.
Impact
An attacker who sends a series of maliciously constructed packets to HTTP(S) ports 80/443 could crash the device, which then needs a power-on reset to return to normal operation.
Solution
Update the device to the latest FW version available here: https://www.wago.com/us/requestDownload?downloadFile=FWMedia_58_750-881
Mitigation
- Restrict network access to the device.
- Do not directly connect the device to the internet.
- Disable unused TCP/UDP ports.
Reported by
This vulnerability was reported to WAGO by William Knowles (Applied Risk).
CERT@VDE coordinated.