SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-819811798] WAGO 750 Series

Date: 2018-03-29
Type: Other
Platform: WAGO
Author: Younes Dragoni of Nozomi Networks reported the vulnerability to NCCIC.
EDB-ID: N/A
CVE-ID: CVE-2018-8836
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# WAGO 750 Series
#


### VULNERABLE VENDOR
WAGO


### VULNERABLE PRODUCT
750 Series 


### RESEARCHER
Younes Dragoni of Nozomi Networks reported the vulnerability to NCCIC.


### AFFECTED PRODUCTS
The following versions of 750 series PLC are affected:

750-880 firmware version 10 and prior,
750-881 firmware version 10 and prior,
750-852 firmware version 10 and prior,
750-882 firmware version 10 and prior,
750-885 firmware version 10 and prior,
750-831 firmware version 10 and prior,
750-889 firmware version 10 and prior, and
750-829 firmware version 10 and prior


### IMPACT
Successful exploitation of this vulnerability could allow a denial-of-service condition affecting the ability of the device to establish connections to commissioning and service software tools.


### VULNERABILITY OVERVIEW
IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404
A remote attacker may take advantage of an improper implementation of the 3-way handshake during a TCP connection, affecting communications with commissioning and service tools.
Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.
CVE-2018-8836 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).





### BACKGROUND
Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, and Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States, Germany, Switzerland, Poland, China, and India




### MITIGATION

WAGO has released new firmware addressing this vulnerability that can be obtained by contacting WAGO support via email at support@wago.com.

If updating the firmware is not feasible, WAGO recommends that users disable the WAGO Service Communication via WBM or limit access to Ports 6626 and 2455/TCP/IP to trusted devices.
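
One way to check that the port restriction above actually holds is to audit flow records for TCP connections to Ports 6626 and 2455 that originate outside the trusted set. This is an added example, not code from WAGO or the advisory; the log format, the trusted addresses, the PLC subnet and the sample records are all constructed assumptions.

```python
"""Audit flow records for untrusted access to the WAGO service ports."""
import ipaddress

# Ports named in the advisory's mitigation section.
SERVICE_PORTS = {2455, 6626}

# Assumption: engineering workstations allowed to reach the PLCs (constructed).
TRUSTED_SOURCES = [ipaddress.ip_network("10.20.0.10/32"),
                   ipaddress.ip_network("10.20.0.11/32")]

# Assumption: subnet that holds the 750 series PLCs (constructed).
PLC_NETWORK = ipaddress.ip_network("10.30.0.0/24")

# Constructed sample records, format: "timestamp src dst proto dport"
SAMPLE_FLOWS = """\
2018-04-02T08:00:01Z 10.20.0.10 10.30.0.5 tcp 2455
2018-04-02T08:00:07Z 10.40.3.77 10.30.0.5 tcp 2455
2018-04-02T08:01:12Z 10.20.0.11 10.30.0.6 tcp 6626
2018-04-02T08:02:30Z 10.40.3.77 10.30.0.6 tcp 502
2018-04-02T08:03:44Z 192.0.2.14 10.30.0.6 tcp 6626
malformed line
2018-04-02T08:04:00Z 10.40.3.77 10.99.0.1 tcp 2455
"""

def is_trusted(src):
    """True if the source address falls inside any trusted network."""
    return any(src in net for net in TRUSTED_SOURCES)

def find_violations(log_text):
    """Return (timestamp, src, dst, port) for untrusted TCP flows to PLC service ports."""
    violations = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip records that do not match the assumed format
        ts, src_s, dst_s, proto, port_s = fields
        try:
            src = ipaddress.ip_address(src_s)
            dst = ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if proto.lower() != "tcp" or port not in SERVICE_PORTS:
            continue
        if dst in PLC_NETWORK and not is_trusted(src):
            violations.append((ts, str(src), str(dst), port))
    return violations

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print("untrusted access:", *v)
```

Any record this reports means the allowlist in front of the PLCs is not being enforced for that path.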

For more information see WAGO’s security advisory:

Vulnerability-in-the-WAGO-Ethernet-TCP-IP-driver.pdf