Share: Email | Twitter

ID

VDE-2020-042

Published

2020-10-27 11:28 (CET)

Last update

2021-11-08 10:31 (CET)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No┬░ Product Name Affected Version(s)
750-331/xxx-xxx FW01 <= FW10
750-352 FW01 <= FW10
750-829 FW01 <= FW10
750-831/xxx-xxx FW01 <= FW10
750-852 FW01 <= FW10
750-880/xxx-xxx FW01 <= FW10
750-881 FW01 <= FW10
750-882 FW01 <= FW10
750-885 FW01 <= FW10
750-889 FW01 <= FW10

Summary

The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
Older firmware versions of the PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.

All newer Firmware releases since FW11, released in December 2017, are not affected.

UPDATE A

Additional, affected devices:

  • 750-331/xxx-xxx
  • 750-829
  • 750-882
  • 750-885

Weakness

Uncontrolled Resource Consumption  (CWE-400) 

Summary

Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.


Impact

An attacker which sends a series of maliciously constructed packets to HTTP(S) ports 80/443 could cause a crashed device, that needs a power on reset to go back to normal operation.

Solution

Mitigation

  • Restrict network access to the device.
  • Do not directly connect the device to the internet
  • Disable unused TCP/UDP-ports

Solution

Update the device to the latest FW version available here:

https://www.wago.com/us/requestDownload?downloadFile=FWMedia_58_750-881

Reported by

This vulnerability was reported to WAGO by William Knowles (Applied Risk)

CERT@VDE coordinated.