Summary
The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.See also: Siemens Advisory published October 11th, 2022 - SSA-313313
Impact
Abusing this vulnerability an attacker can crash an affected product, which fully prevents the product to work as intended. After a complete restart the component works as expected.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 750-330 | 750-330 | Firmware <=FW13 |
| 750-332 | 750-332 | Firmware <=FW10 |
| 750-352/xxx-xxx | 750-352/xxx-xxx | Firmware <=FW14 |
| 750-362/xxx-xxx | 750-362/xxx-xxx | Firmware <=FW10 |
| 750-363/xxx-xxx | 750-363/xxx-xxx | Firmware <=FW10 |
| 750-364/xxx-xxx | 750-364/xxx-xxx | Firmware <=FW10 |
| 750-365/xxx-xxx | 750-365/xxx-xxx | Firmware <=FW10 |
| 750-823 | 750-823 | Firmware <=FW10 |
| 750-829 | 750-829 | Firmware <=FW13 |
| 750-831/xxx-xxx | 750-831/xxx-xxx | Firmware <=FW13 |
| 750-832/xxx-xxx | 750-832/xxx-xxx | Firmware <=FW10 |
| 750-852 | 750-852 | Firmware <=FW16 |
| 750-862 | 750-862 | Firmware <=FW10 |
| 750-880/xxx-xxx | 750-880/xxx-xxx | Firmware <=FW16 |
| 750-881 | 750-881 | Firmware <=FW16 |
| 750-882 | 750-882 | Firmware <=FW16 |
| 750-885/xxx-xxx | 750-885/xxx-xxx | Firmware <=FW16 |
| 750-889 | 750-889 | Firmware <=FW16 |
| 750-890/xxx-xxx | 750-890/xxx-xxx | Firmware <=FW10 |
| 750-891 | 750-891 | Firmware <=FW10 |
| 750-893 | 750-893 | Firmware <=FW10 |
Vulnerabilities
Expand / Collapse allA vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions), Nucleus Source Code (Versions including affected FTP server). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.
Mitigation
If you enabled the FTP-Server, but you do not need FTP data transfer, you can deactivate the FTP Server over the product settings in the web-based management.
As general security measures strongly WAGO recommends:
-
Use general security best practices to protect systems from local and network attacks.
-
Do not allow direct access to the device from untrusted networks.
-
Update to the latest firmware according to the table in chapter solutions.
-
Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy.
The BSI provides general information on securing ICS in the ICS Compendium (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf external link).
Remediation
Wago recommends all effected users to update to the firmware version listed below:
Series WAGO 750-3x / -8x
| Article Number | Fixed Version |
|---|---|
| 750-330 | Beta FW17 Q1/2023 |
| 750-332 | FW11 after BACnet certification |
| 750-352/xxx-xxx | FW17 Q1/2023 |
| 750-362/xxx-xxx | FW11 Q1/2023 |
| 750-363/xxx-xxx | FW11 Q1/2023 |
| 750-364/xxx-xxx | FW11 Q1/2023 |
| 750-365/xxx-xxx | FW11 Q1/2023 |
| 750-823 | FW11 Q1/2023 |
| 750-829 | Beta FW17 Q1/2023 |
| 750-831/xxx-xxx | Beta FW17 Q1/2023 |
| 750-832/xxx-xxx | FW11 after BACnet certification |
| 750-852 | FW17 Q1/2023 |
| 750-862 | FW11 Q1/2023 |
| 750-880/xxx-xxx | FW17 Q1/2023 |
| 750-881 | FW17 Q1/2023 |
| 750-882 | FW17 Q1/2023 |
| 750-885/xxx-xxx | FW17 Q1/2023 |
| 750-889 | FW17 Q1/2023 |
| 750-890/xxx-xxx | FW11 Q1/2023 |
| 750-891 | FW11 Q1/2023 |
| 750-893 | FW11 Q1/2023 |
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 12.10.2022 10:00 | Initial revision. |