Summary
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
Older firmware versions of the PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
All newer Firmware releases since FW11, released in December 2017, are not affected.
Impact
An attacker which sends a series of maliciously constructed packets to HTTP(S) ports 80/443 could cause a crashed device, that needs a power on reset to go back to normal operation.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 750-331/xxx-xxx | 750-331/xxx-xxx | Firmware <=FW10 |
| 750-352 | 750-352 | Firmware <=FW10 |
| 750-829 | 750-829 | Firmware <=FW10 |
| 750-831/xxx-xxx | 750-831/xxx-xxx | Firmware <=FW10 |
| 750-852 | 750-852 | Firmware <=FW10 |
| 750-880/xxx-xxx | 750-880/xxx-xxx | Firmware <=FW10 |
| 750-881 | 750-881 | Firmware <=FW10 |
| 750-882 | 750-882 | Firmware <=FW10 |
| 750-885 | 750-885 | Firmware <=FW10 |
| 750-889 | 750-889 | Firmware <=FW10 |
Vulnerabilities
Expand / Collapse allOlder firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
Mitigation
- Restrict network access to the device.
- Do not directly connect the device to the internet
- Disable unused TCP/UDP-ports
Remediation
Update the device to the latest FW version available here:
Acknowledgments
WAGO GmbH & Co. KG thanks the following parties for their efforts:
- CERTVDE for coordination (see https://certvde.com )
- William Knowles from WAGO GmbH & Co. KG for reporting (see https://www.wago.com )
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 10/27/2020 11:28 | initial revision |
| 2 | 04/02/2025 12:00 | Update: deleted Issuing authority |
| 3 | 05/14/2025 15:00 | Fix: added distribution |