WAGO controllers have always been designed for easy connection to IT infrastructure. Even controllers from legacy product lines support encryption standards to ensure secure communication.
With special crafted requests it is possible to bring the device out of operation.
All listed devices are vulnerable for this denial of service attack.
This vulnerability allows an attacker who has access to the device to send a series of maliciously constructed packets which can bring the device out of operation. The device needs a power on reset to go back to normal operation.
Update the device to the latest FW version.
These vulnerabilities were reported to WAGO by: Uwe Disch, https://www.disch-online.de
Coordination done by CERT@VDE.