VDE-2020-044 | CERT@VDE

2021-08-31 09:01 (CEST) VDE-2020-044

WAGO: Web-Based Management Authentication Vulnerability in WAGO 750-36X and WAGO 750-8XX

Share: Email | Twitter

ID

VDE-2020-044

Published

2021-08-31 09:01 (CEST)

Last update

2021-08-31 09:01 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
	750-362	<= FW07
	750-363	<= FW07
	750-823	<= FW07
	750-832/xxx-xxx	<= FW07
	750-862	<= FW07
	750-890/xxx-xxx	<= FW07
	750-891	<= FW07
	750-893	<= FW07

Summary

The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
With special crafted requests it is possible to read and write some special parameters without authentication.
This vulnerability is different to advisory SAV-2020-014 / VDE-2020-028.

CVE ID

CVE-2021-34578

Last Update:

Nov. 17, 2022, 1:09 p.m.

Severity

8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness

Improper Authentication (CWE-287)

Summary

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.

Details

nvd.nist.gov

Impact

This vulnerability allows an attacker who has access to the WBM and knowledge about the directory structure of the WBM to read and/or write a settings-parameter of the devices by sending specifically constructed requests without authentication.
This can lead to malfunction of the application after reboot.

Solution

Update the device to the latest FW version.

Mitigation

Restrict network access to the device.
Do not directly connect the device to the internet.
Disable unused TCP/UDP ports.
Disable web-based management ports 80/443 after the configuration phase

Reported by

Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO.
CERT@VDE coordinated.