An unauthenticated attacker with network access to port 502/TCP of the target device can cause a denial-of-service condition by sending multiple specially crafted packets. The MODBUS server does not properly release memory resources that were reserved for incomplete connection attempts by MODBUS clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the MODBUS server.
Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.
Abusing this vulnerability an attacker can crash an affected product, which fully prevents the product to work as intended. After a complete restart the component works as expected.
In case no MODBUS communication is needed the MODBUS-Server should be deactivated in the product settings of the web-based management.
As general security measures WAGO strongly recommends:
We recommend all effected users to update to the firmware version listed below:
|Series WAGO 750-3x/-8x|
|Article Number||Fixed in Firmware Version|
|750-332||FW11 after BACnet certification|
|750-832/xxx-xxx||FW11 after BACnet certification|
WAGO thanks Roman Ezhov from Kaspersky for reporting.
CERT@VDE coordinated with WAGO.