
ID

VDE-2021-038

Published

2021-08-31 09:00 (CEST)

Last update

2021-09-08 09:48 (CEST)

Vendor(s)

WAGO

Product(s)

Product Version
750-831/xxx-xxx FW4<=FW15
750-880/xxx-xxx
750-881
750-889

Summary

WAGO controllers have always been designed for easy connection to IT infrastructure. Even controllers from legacy product lines support encryption standards to ensure secure communication.
With specially crafted requests it is possible to bring the device out of operation.
All listed devices are vulnerable to this denial-of-service attack.


Weakness

Missing Release of Resource after Effective Lifetime (CWE-772)

Summary

Missing Release of Resource after Effective Lifetime vulnerability in the OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

Impact

This vulnerability allows an attacker who has access to the device to send a series of maliciously constructed packets which can bring the device out of operation. The device needs a power-on reset to return to normal operation.

Solution

Update the device to the latest FW version.

Mitigation

  • Restrict network access to the device.
  • Do not directly connect the device to the internet.
  • Disable unused TCP/UDP ports.
  • Disable Web Based Management ports 80/443 after configuration phase.
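
An inventory triage for this advisory, added here as an example and not part of the original advisory or any WAGO tooling: it flags listed articles in the FW4 to FW15 range and reports Web Based Management ports that are still open. The CSV columns, host names and the `FWnn` firmware notation are constructed assumptions.

```python
import csv
import io
import re

# From the advisory: article numbers (True = "/xxx-xxx" variants listed) and FW range.
AFFECTED = {"750-831": True, "750-880": True, "750-881": False, "750-889": False}
FW_MIN, FW_MAX = 4, 15
WBM_PORTS = {80, 443}  # Web Based Management ports named in the mitigation

# Constructed sample inventory; hosts, columns and "FWnn" notation are assumptions.
SAMPLE = """host,article,firmware,open_tcp_ports
plc-01,750-881,FW13,80;443;502
plc-02,750-880/025-000,FW15,502
plc-03,750-831/000-002,FW16,443;502
plc-04,750-8202,FW12,80;443
plc-05,750-889,unknown,502
"""

ARTICLE_RE = re.compile(r"^(750-\d+)(/\d{3}-\d{3})?$")
FW_RE = re.compile(r"^FW(\d+)$", re.IGNORECASE)


def classify(article, firmware):
    """Return 'affected', 'outside-range', 'unknown-fw' or 'not-listed'."""
    m = ARTICLE_RE.match(article.strip())
    if not m or m.group(1) not in AFFECTED:
        return "not-listed"
    if m.group(2) and not AFFECTED[m.group(1)]:
        # Strict reading: the advisory lists this article without variants.
        return "not-listed"
    fw = FW_RE.match(firmware.strip())
    if not fw:
        return "unknown-fw"  # listed product, firmware unreadable: check by hand
    return "affected" if FW_MIN <= int(fw.group(1)) <= FW_MAX else "outside-range"


def audit(inventory_csv):
    """Return a list of (host, status, open WBM ports) for every inventory row."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ports = {int(p) for p in row["open_tcp_ports"].split(";") if p.strip().isdigit()}
        status = classify(row["article"], row["firmware"])
        results.append((row["host"], status, sorted(ports & WBM_PORTS)))
    return results


if __name__ == "__main__":
    for host, status, wbm in audit(SAMPLE):
        print(f"{host}: {status}, WBM ports still open: {wbm or 'none'}")
```

Rows reported as `unknown-fw` are listed products whose firmware field could not be parsed and need a manual check on the device.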

Reported by

These vulnerabilities were reported to WAGO by: Uwe Disch, https://www.disch-online.de
Coordination done by CERT@VDE.