WAGO: 750-8xx Controller Denial of Service

The 750-8xx controller are susceptible to a Denial-of-Service attack due to a flood of network packets. Please consult the original paper for details (link at the bottom of this advisory).

High network load can consume CPU power in such a way that the normal operation of the device can be affected, i.e. the configured cycle time can be influenced. After high network load is removed, the device continues to operate in normal mode.

We recommend to operate the devices in closed networks or protect with a firewall against unauthorized access. Another, recommended mitigation is to limit the network traffic via the switch rate limit feature according to your application needs.

The switch rate limit can be configured e.g. via Web based Management to minimize the effect of high network load:

750-8xx: Ethernet > "Misc. Configuration" > "internal Port" > "Output Limit Rate"

750-8xxx: Network > Ethernet > 'Switch Configuration' > 'Rate Limit'

Please also consult the product manuals as this is a known problem for some devices:

750-880

Go to www.wago.com/de/sps/controller-ethern... external link
Select "Downloads"
In section "Dokumentation" choose "ETHERNET Programmierbarer Feldbuscontroller 10 / 100 Mbit/s; digitale und analoge Signale V 2.3.0, 03.08.2016" and select your language for the manual.
See section 9.3: Functional Restrictions and Limits

750-889

Go to www.wago.com/de/sps/controller-ethern... external link
Select "Downloads"
In section "Dokumentation" choose "Controller KNX IP KNX IP Controller V 1.0.2, 04.10.2016" and select your language for the manual.
See section 10.4: Functional Restrictions and Limits

750-831

Go to www.wago.com/de/sps/controller-ethern... external link
Select "Downloads"
In section "Dokumentation" choose "BACnet/IP Programmierbarer Feldbuscontroller 10/100 Mbit/s; digitale und analoge Signale V 1.2.1, 20.02.2017" and select your language for the manual.
See section 9.5: Functional Restrictions and Limits