VDE-2021-038 | CERT@VDE

2021-08-31 09:00 (CEST) VDE-2021-038

WAGO: OpenSSL DoS Vulnerability in PLCs

Share: Email | Twitter

ID

VDE-2021-038

Published

2021-08-31 09:00 (CEST)

Last update

2021-08-31 09:00 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
	750-831/xxx-xxx	FW4 <= FW15
	750-880/xxx-xxx	FW4 <= FW15
	750-881	FW4 <= FW15
	750-889	FW4 <= FW15

Summary

WAGO controllers have always been designed for easy connection to IT infrastructure. Even controllers from legacy product lines support encryption standards to ensure secure communication.
With special crafted requests it is possible to bring the device out of operation.
All listed devices are vulnerable for this denial of service attack.

CVE ID

CVE-2021-34581

Last Update:

Sept. 8, 2021, 9:44 a.m.

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness

Missing Release of Resource after Effective Lifetime (CWE-772)

Summary

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

Details

nvd.nist.gov

Impact

This vulnerability allows an attacker who has access to the device to send a series of maliciously constructed packets which can bring the device out of operation. The device needs a power on reset to go back to normal operation.

Solution

Update the device to the latest FW version.

Mitigation

Restrict network access to the device.
Do not directly connect the device to the internet
Disable unused TCP/UDP-ports
Disable Web Based Management ports 80/443 after configuration phase.

Reported by

These vulnerabilities were reported to WAGO by: Uwe Disch, https://www.disch-online.de
Coordination done by CERT@VDE.