VDE-2020-036 | CERT@VDE

2021-06-29 12:00 (CEST) VDE-2020-036

WAGO: Multiple Vulnerabilities in I/O-Check Service

Share: Email | Twitter

ID

VDE-2020-036

Published

2021-06-29 12:00 (CEST)

Last update

2021-06-29 12:00 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
	750-81xx/xxx-xxx	<= FW18 Patch 2
	750-82xx/xxx-xxx	<= FW18 Patch 2
	752-8303/8000-0002	<= FW18 Patch 2
	762-4xxx	<= FW18 Patch 2
	762-5xxx	<= FW18 Patch 2
	762-6xxx	<= FW18 Patch 2

Summary

Multiple vulnerabilities in the WAGO I/O-Check Service were reported.

Vulnerabilities

CVE-2021-34569

9.8

Last Update

Nov. 17, 2022, 1:09 p.m.

Severity

9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness

Out-of-bounds Write (CWE-787)

Summary

In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.

Details

nvd.nist.gov

CVE-2021-34566

9.1

Last Update

Nov. 17, 2022, 1:09 p.m.

Severity

9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Weakness

Buffer Copy without Checking Size of Input (Classic Buffer Overflow) (CWE-120)

Summary

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.

Details

nvd.nist.gov

CVE-2021-34567

8.2

Last Update

Nov. 17, 2022, 1:09 p.m.

Severity

8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)

Weakness

Out-of-bounds Read (CWE-125)

Summary

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read.

Details

nvd.nist.gov

CVE-2021-34568

7.5

Last Update

Nov. 17, 2022, 1:09 p.m.

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness

Allocation of Resources Without Limits or Throttling (CWE-770)

Summary

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.

Details

nvd.nist.gov

Impact

By exploiting the described vulnerabilities, the attacker potentially is able to manipulate or disrupt the device.

Solution

Mitigation

Disable I/O-Check service
Restrict network access to the device.
Do not directly connect the device to the internet.

Solution

The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities and possible upcoming zero-day exploits.
Regardless to the action described above, the vulnerability has been fixed in FW18 Patch 3, released in June 2021.
We recommend all affected users to update to the latest firmware version.

Reported by

These vulnerabilities were reported to WAGO by Uri Katz of Claroty. We thank CERT@VDE for the management of this coordinated disclosure.