An authenticated attacker can send a malformed packet that triggers a device crash in the command parsing of the CODESYS V2 runtime.
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
By abusing these vulnerabilities, an attacker can crash an affected product, which fully prevents the product from working as intended. After a complete restart, the component works as expected.
If the PLC runtime is running but you do not need it, you can deactivate the PLC runtime programming port in the product settings of the web-based management. You can find this option under “Configuration > PLC Runtime Services > CODESYS 2 > communication enabled”.
As general security measures, WAGO strongly recommends:
The BSI provides general information on securing ICS in the ICS Compendium (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).
We recommend that all affected users update to the firmware version listed below:
|FW 22 Patch 2 available in Q4 2023
|Ethernet Controller 4th Generation family
|FW 11 available in early Q3 2023
|Ethernet Controller 3rd Generation family
|FW 17 (after BACnet certification)
|FW 17 (already available)
The vulnerability was reported by Daniel dos Santos and Abdelrahman Hassanien from Forescout.
Coordination done by CERT@VDE.