| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| Basic Controller 100 0750-800x | all | |
| CC100 0751-9x01 | all | |
| Controller 0750-0823 | all | |
| Controller 0750-0829 | all | |
| Controller 0750-0831 (discontinued) | all | |
| Controller 0750-0842 | all | |
| Controller 0750-0843 | all | |
| Controller 0750-0852 (discontinued) | all | |
| Controller 0750-0860 (discontinued) | all | |
| Controller 0750-0862 | all | |
| Controller 0750-0863 (discontinued) | all | |
| Controller 0750-0870 (discontinued) | all | |
| Controller 0750-0871 (discontinued) | all | |
| Controller 0750-0872 (discontinued) | all | |
| Controller 0750-0880 (discontinued) | all | |
| Controller 0750-0881 (discontinued) | all | |
| Controller 0750-0882 (discontinued) | all | |
| Controller 0750-0889 | all | |
| Controller 0750-0890 | all | |
| Controller 0750-0890 | all | |
| Controller 0750-0893 | all | |
| Edge Controller 0752-8303/8000-0002 | all | |
| Fieldbus Coupler 0750-0331 | all | |
| Fieldbus Coupler 0750-0331 (discontinued) | all | |
| Fieldbus Coupler 0750-0340 (discontinued) | all | |
| Fieldbus Coupler 0750-0341 (discontinued) | all | |
| Fieldbus Coupler 0750-0342 | all | |
| Fieldbus Coupler 0750-0352 (discontinued) | all | |
| Fieldbus Coupler 0750-0362 | all | |
| Fieldbus Coupler 0750-0363 | all | |
| Fieldbus Coupler 0750-0370 (discontinued) | all | |
| Fieldbus Coupler 0750-0375 | all | |
| Fieldbus Coupler 0750-0377 | all | |
| PFC100 G1 0750-810x/xxxx-xxxx | all | |
| PFC100 G2 0750-811x-xxxx-xxxx | all | |
| PFC200 G1 750-820x-xxx-xxx | all | |
| PFC200 G2 750-821x-xxx-xxx | all | |
| TP600 0762-420x/8000-000x | all | |
| TP600 0762-430x/8000-000x | all | |
| TP600 0762-520x/8000-000x | all | |
| TP600 0762-530x/8000-000x | all | |
| TP600 0762-620x/8000-000x | all | |
| TP600 0762-630x/8000-000x | all |
A missing authentication vulnerability exists in the iocheckd service "I/O-Check" functionality. A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.
An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.
The reported vulnerability enables a remote attacker to send arbitrary commands without authentication. This could result in changes to settings, application deletion, factory resets, code execution, system crashes or denial of service. By using specially crafted IP packets, the attacker can manipulate settings and disrupt the device's basic functions, potentially gaining control of the device.
Mitigation
The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning.
CERT@VDE coordinated with Wago