|2018-03-29||Other||WAGO||Younes Dragoni of Nozomi Networks reported the vulnerability to NCCIC.||N/A||CVE-2018-8836 ||N/A||N/A||N/A|
# WAGO 750 Series
### VULNERABLE VENDOR
WAGO
### VULNERABLE PRODUCT
750 Series
Younes Dragoni of Nozomi Networks reported the vulnerability to NCCIC.
### AFFECTED PRODUCTS
The following versions of 750 series PLC are affected:
750-880 firmware version 10 and prior,
750-881 firmware version 10 and prior,
750-852 firmware version 10 and prior,
750-882 firmware version 10 and prior,
750-885 firmware version 10 and prior,
750-831 firmware version 10 and prior,
750-889 firmware version 10 and prior, and
750-829 firmware version 10 and prior
Successful exploitation of this vulnerability could allow a denial-of-service condition affecting the ability of the device to establish connections to commissioning and service software tools.
### VULNERABILITY OVERVIEW
IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404
A remote attack may take advantage of an improper implementation of the 3-way handshake during a TCP connection, affecting communications with commissioning and service tools.
Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.
CVE-2018-8836 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, and Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States, Germany, Switzerland, Poland, China, and India
WAGO has released new firmware addressing this vulnerability that can be obtained by contacting WAGO support via email at email@example.com
If updating the firmware is not feasible, WAGO recommends that users disable the WAGO Service Communication via WBM or limit access to Ports 6626 and 2455/TCP/IP to trusted devices.
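The port restriction above can be checked against recorded traffic. The following is an added example, not part of the advisory or WAGO's material: it audits flow records for untrusted sources reaching ports 2455 and 6626 on the PLC network and for repeated incomplete TCP handshakes. The record format, addresses, allowlist and threshold are constructed assumptions.

```python
import ipaddress
from collections import Counter

SERVICE_PORTS = {2455, 6626}  # the two ports named in the advisory
# Constructed site values (assumptions): PLC subnet and trusted engineering hosts.
PLC_NET = ipaddress.ip_network("10.20.0.0/24")
TRUSTED = {ipaddress.ip_address(a) for a in ("10.10.5.11", "10.10.5.12")}
HALF_OPEN_LIMIT = 3  # incomplete handshakes per (src, dst, port) before reporting

# Constructed records: timestamp, source, destination, dest port, TCP flags seen
# (S = SYN, SA = SYN-ACK, A = final ACK of the handshake).
SAMPLE_FLOWS = """\
2018-04-02T08:00:01 10.10.5.11 10.20.0.15 2455 S,SA,A,PA,FA
2018-04-02T08:00:07 10.10.9.40 10.20.0.15 6626 S,SA,A
2018-04-02T08:01:10 10.10.9.77 10.20.0.16 2455 S,SA
2018-04-02T08:01:11 10.10.9.77 10.20.0.16 2455 S,SA
2018-04-02T08:01:12 10.10.9.77 10.20.0.16 2455 S,SA
2018-04-02T08:02:30 10.10.5.12 10.20.0.15 2455 S,SA
2018-04-02T08:03:00 10.10.9.40 10.20.0.15 80 S,SA,A
truncated-record 10.10.9.40
"""

def audit(flow_text):
    """Return (untrusted peers on the service ports, peers with repeated half-open handshakes)."""
    untrusted, half_open = set(), Counter()
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, dport, flags = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if dst_ip not in PLC_NET or port not in SERVICE_PORTS:
            continue  # not PLC service traffic
        if src_ip not in TRUSTED:
            untrusted.add((src, dst, port))
        seen = set(flags.split(","))
        if "S" in seen and "A" not in seen:
            half_open[(src, dst, port)] += 1  # SYN sent, handshake never completed
    noisy = {k: n for k, n in half_open.items() if n >= HALF_OPEN_LIMIT}
    return sorted(untrusted), noisy

if __name__ == "__main__":
    peers, stalled = audit(SAMPLE_FLOWS)
    print("untrusted peers:", peers)
    print("repeated half-open handshakes:", stalled)
```

Any entry in the first result means the access restriction is not in effect for that path; entries in the second are candidates for investigation rather than proof of an attack.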
For more information see WAGO’s security advisory: