Back to overview

WAGO: Controller with CODESYS 2.3 Runtime Denial-of-Service

VDE-2023-006
Last update
07/08/2024 12:00
Published at
06/25/2023 08:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2023-006
CSAF Document
Download

Summary

An authenticated attacker can send a malformed packet to trigger a device crash via the CODESYS V2 runtime commands parsing.
Update: 08.07.2024 release date of the updates has been changed.

Impact

Abusing these vulnerabilities an attacker can crash an affected product, which fully prevents the product to work as intended. After a complete restart the component works as expected.

Affected Product(s)

Model no. Product name Affected versions
Ethernet Controller 3rd Generation 750-331 Firmware <=FW14
Ethernet Controller 3rd Generation 750-829 Firmware <=FW14
Ethernet Controller 3rd Generation 750-831/xxx-xxx Firmware <=FW14
Ethernet Controller 3rd Generation 750-852 Firmware <=FW16
Ethernet Controller 3rd Generation 750-880/xxx-xxx Firmware <=FW16
Ethernet Controller 3rd Generation 750-881 Firmware <=FW16
Ethernet Controller 3rd Generation 750-882 Firmware <=FW16
Ethernet Controller 3rd Generation 750-885/xxx-xxx Firmware <=FW16
Ethernet Controller 3rd Generation 750-889 Firmware <=FW16
Ethernet Controller 4th Generation 750-332 Firmware <=FW6
Ethernet Controller 4th Generation 750-823 Firmware <=FW10
Ethernet Controller 4th Generation 750-832/xxx-xxx Firmware <=FW6
Ethernet Controller 4th Generation 750-862 Firmware <=FW10
Ethernet Controller 4th Generation 750-890/xxx-xxx Firmware <=FW10
Ethernet Controller 4th Generation 750-891 Firmware <=FW10
Ethernet Controller 4th Generation 750-893 Firmware <=FW10
750-8202/xxx-xxx, 750-8203/xxx-xxx, 750-8204/xxx-xxx, 750-8206/xxx-xxx, 750-8207/xxx-xxx, 750-8208/xxx-xxx, 750-8210/xxx-xxx, 750-8211/xxx-xxx, 750-8212/xxx-xxx, 750-8213/xxx-xxx, 750-8214/xxx-xxx, 750-8216/xxx-xxx, 750-8217/xxx-xxx PFC200 Firmware <=FW22 SP1

Vulnerabilities

Expand / Collapse all

Published
09/22/2025 14:58
Severity
4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Weakness
Improper Validation of Consistency within Input (CWE-1288)
Summary

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

References
cve.org | nvd.nist.gov

Published
09/22/2025 14:58
Severity
4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Weakness
Improper Validation of Consistency within Input (CWE-1288)
Summary

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.

References
cve.org | nvd.nist.gov

Mitigation

If the PLC runtime is running, but you do not need it, you can deactivate the plc runtime programming port over the product settings in the web-based management. You can find this option under "Configuration > PLC Runtime Services > CODESYS 2 > communication enabled".

As general security measures strongly WAGO recommends:

  1. Use general security best practices to protect systems from local and network attacks.
  2. Do not allow direct access to the device from untrusted networks.
  3. Update to the latest firmware according to the table in chapter solutions.
  4. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy.

The BSI provides general information on securing ICS in the ICS Compendium (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).

Remediation

We recommend all affected users to update to the firmware version listed below:

PFC200 Family

Order No. Firmware Version
750-8202/xxx-xxx FW 22 Patch 2
750-8203/xxx-xxx FW 22 Patch 2
750-8204/xxx-xxx FW 22 Patch 2
750-8206/xxx-xxx FW 22 Patch 2
750-8207/xxx-xxx FW 22 Patch 2
750-8208/xxx-xxx FW 22 Patch 2
750-8210/xxx-xxx FW 22 Patch 2
750-8211/xxx-xxx FW 22 Patch 2
750-8212/xxx-xxx FW 22 Patch 2
750-8213/xxx-xxx FW 22 Patch 2
750-8214/xxx-xxx FW 22 Patch 2
750-8216/xxx-xxx FW 22 Patch 2
750-8217/xxx-xxx FW 22 Patch 2

Ethernet Controller 4th Generation Family

Order No. Firmware Version
750-823 FW 11
750-332 FW 11
750-832/xxx-xxx FW 11
750-862 FW 11
750-890/xxx-xxx FW 11
750-891 FW 11
750-893 FW 11

Ethernet Controller 3rd Generation Family

Order No. Firmware Version
750-331 FW 17 (after BACnet certification)
750-829 FW 17 (after BACnet certification)
750-831/xxx-xxx FW 17 (after BACnet certification)
750-852 FW 17 (already available)
750-880/xxx-xxx FW 17 (after BACnet certification)
750-881 FW 17 (after BACnet certification)
750-882 FW 17 (after BACnet certification)
750-885/xxx-xxx FW 17 (after BACnet certification)
750-889 FW 17 (after BACnet certification)

Revision History

Version Date Summary
1 06/25/2023 08:00 Initial revision.
2 07/08/2024 12:00 Release date of the updates has been changed.