Zurück zur Übersicht

WAGO: Denial of Service Vulnerability in CODESYS Runtime 2.3

VDE-2021-049
Last update
22.05.2025 15:03
Published at
16.11.2021 13:05
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2021-049
CSAF Document
Download

Summary

A Denial-of-Service Vulnerability was reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLC's. All vulnerable PLCs are listed in chapter 'Affected Products'.

Impact

The reported vulnerabilities allow an attacker who has access to the device and is able to exploit the vulnerability, to manipulate and disrupt the CODESYS 2.3 Runtime of the device.

Affected Product(s)

Model no. Product name Affected versions
750-8202/xxx-xxx Firmware <=FW19
750-8203/xxx-xxx Firmware <=FW19
750-8204/xxx-xxx Firmware <=FW19
750-8206/xxx-xxx Firmware <=FW19
750-8207/xxx-xxx Firmware <=FW19
750-8208/xxx-xxx Firmware <=FW19
750-8210/xxx-xxx Firmware <=FW19
750-8211/xxx-xxx Firmware <=FW19
750-8212/xxx-xxx Firmware <=FW19
750-8213/xxx-xxx Firmware <=FW19
750-8214/xxx-xxx Firmware <=FW19
750-8216/xxx-xxx Firmware <=FW19
750-8217/xxx-xxx Firmware <=FW19

Vulnerabilities

Expand / Collapse all

Published
24.09.2025 12:38
Severity
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness
Improper Handling of Exceptional Conditions (CWE-755)
Summary

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

References
cve.org | nvd.nist.gov

Mitigation

  1. Use general security best practices to protect systems from local and network attacks.
  2. Do not allow direct access to the device from untrusted networks.
  3. Update to the latest firmware according to the table in chapter solutions.
  4. Disable the CODESYS 2.3 port 2455.

Acknowledgments

WAGO GmbH & Co. KG thanks the following parties for their efforts:

  • CERTVDE for coordination (see https://certvde.com )
  • Steffen Robertz and Gerhard Hechenberger from SEC Consult Vulnerability Lab. for reporting

Revision History

Version Date Summary
1 16.11.2021 13:05 initial revision
2 22.05.2025 15:03 Fix: version space, added distribution, quotation mark