VDE-2018-013
Vulnerability from csaf_wagogmbhcokg - Published: 2018-08-17 09:45 - Updated: 2025-09-22 10:00Summary
WAGO: 750-8xx Controller Denial of Service
Notes
Summary: The 750-8xx controller are susceptible to a Denial-of-Service attack due to a flood of network packets. Please consult the original paper for details (link at the bottom of this advisory).
Impact: High network load can consume CPU power in such a way that the normal operation of the device can be affected, i.e. the configured cycle time can be influenced. After high network load is removed, the device continues to operate in normal mode.
Remediation: We recommend to operate the devices in closed networks or protect with a firewall against unauthorized access. Another, recommended mitigation is to limit the network traffic via the switch rate limit feature according to your application needs.
The switch rate limit can be configured e.g. via Web based Management to minimize the effect of high network load:
750-8xx: Ethernet > "Misc. Configuration" > "internal Port" > "Output Limit Rate"
750-8xxx: Network > Ethernet > 'Switch Configuration' > 'Rate Limit'
Please also consult the product manuals as this is a known problem for some devices:
750-880
Go to https://www.wago.com/de/sps/controller-ethernet/p/750-880 external link
Select "Downloads"
In section "Dokumentation" choose "ETHERNET Programmierbarer Feldbuscontroller 10 / 100 Mbit/s; digitale und analoge Signale V 2.3.0, 03.08.2016" and select your language for the manual.
See section 9.3: Functional Restrictions and Limits
750-889
Go to https://www.wago.com/de/sps/controller-ethernet/p/750-889 external link
Select "Downloads"
In section "Dokumentation" choose "Controller KNX IP KNX IP Controller V 1.0.2, 04.10.2016" and select your language for the manual.
See section 10.4: Functional Restrictions and Limits
750-831
Go to https://www.wago.com/de/sps/controller-ethernet/p/750-831 external link
Select "Downloads"
In section "Dokumentation" choose "BACnet/IP Programmierbarer Feldbuscontroller 10/100 Mbit/s; digitale und analoge Signale V 1.2.1, 20.02.2017" and select your language for the manual.
See section 9.5: Functional Restrictions and Limits
An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption.
7.5 (High)
Vendor Fix
We recommend to operate the devices in closed networks or protect with a firewall against unauthorized access. Another, recommended mitigation is to limit the network traffic via the switch rate limit feature according to your application needs.
The switch rate limit can be configured e.g. via Web based Management to minimize the effect of high network load:
750-8xx: Ethernet > "Misc. Configuration" > "internal Port" > "Output Limit Rate"
750-8xxx: Network > Ethernet > 'Switch Configuration' > 'Rate Limit'
Please also consult the product manuals as this is a known problem for some devices:
750-880
Go to https://www.wago.com/de/sps/controller-ethernet/p/750-880 external link
Select "Downloads"
In section "Dokumentation" choose "ETHERNET Programmierbarer Feldbuscontroller 10 / 100 Mbit/s; digitale und analoge Signale V 2.3.0, 03.08.2016" and select your language for the manual.
See section 9.3: Functional Restrictions and Limits
750-889
Go to https://www.wago.com/de/sps/controller-ethernet/p/750-889 external link
Select "Downloads"
In section "Dokumentation" choose "Controller KNX IP KNX IP Controller V 1.0.2, 04.10.2016" and select your language for the manual.
See section 10.4: Functional Restrictions and Limits
750-831
Go to https://www.wago.com/de/sps/controller-ethernet/p/750-831 external link
Select "Downloads"
In section "Dokumentation" choose "BACnet/IP Programmierbarer Feldbuscontroller 10/100 Mbit/s; digitale und analoge Signale V 1.2.1, 20.02.2017" and select your language for the manual.
See section 9.5: Functional Restrictions and Limits
References
Acknowledgments
CERT@VDE
Hochschule Augsburg
Matthias Niedermaier
Florian Fischer
Freie Universität Berlin
Jan-Ole Malchow
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination"
},
{
"names": [
"Matthias Niedermaier",
"Florian Fischer"
],
"organization": "Hochschule Augsburg",
"summary": "discovery"
},
{
"names": [
"Jan-Ole Malchow"
],
"organization": "Freie Universita\u0308t Berlin",
"summary": "discovery"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The 750-8xx controller are susceptible to a Denial-of-Service attack due to a flood of network packets. Please consult the original paper for details (link at the bottom of this advisory).",
"title": "Summary"
},
{
"category": "description",
"text": "High network load can consume CPU power in such a way that the normal operation of the device can be affected, i.e. the configured cycle time can be influenced. After high network load is removed, the device continues to operate in normal mode.",
"title": "Impact"
},
{
"category": "description",
"text": "We recommend to operate the devices in closed networks or protect with a firewall against unauthorized access. Another, recommended mitigation is to limit the network traffic via the switch rate limit feature according to your application needs.\n\nThe switch rate limit can be configured e.g. via Web based Management to minimize the effect of high network load:\n\n750-8xx: Ethernet \u003e \"Misc. Configuration\" \u003e \"internal Port\" \u003e \"Output Limit Rate\"\n\n750-8xxx: Network \u003e Ethernet \u003e \u0027Switch Configuration\u0027 \u003e \u0027Rate Limit\u0027\n\nPlease also consult the product manuals as this is a known problem for some devices:\n\n750-880\n\nGo to https://www.wago.com/de/sps/controller-ethernet/p/750-880 external link\nSelect \"Downloads\"\nIn section \"Dokumentation\" choose \"ETHERNET Programmierbarer Feldbuscontroller 10 / 100 Mbit/s; digitale und analoge Signale V 2.3.0, 03.08.2016\" and select your language for the manual.\nSee section 9.3: Functional Restrictions and Limits\n\n750-889\n\nGo to https://www.wago.com/de/sps/controller-ethernet/p/750-889 external link\nSelect \"Downloads\"\nIn section \"Dokumentation\" choose \"Controller KNX IP KNX IP Controller V 1.0.2, 04.10.2016\" and select your language for the manual.\nSee section 10.4: Functional Restrictions and Limits\n\n750-831\n\nGo to https://www.wago.com/de/sps/controller-ethernet/p/750-831 external link\nSelect \"Downloads\"\nIn section \"Dokumentation\" choose \"BACnet/IP Programmierbarer Feldbuscontroller 10/100 Mbit/s; digitale und analoge Signale V 1.2.1, 20.02.2017\" and select your language for the manual.\nSee section 9.5: Functional Restrictions and Limits",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO",
"url": "https://certvde.com/en/advisories/vendor/wago"
},
{
"category": "self",
"summary": "VDE-2018-013: WAGO: 750-8xx Controller Denial of Service - HTML",
"url": "https://certvde.com/de/advisories/VDE-2018-013/"
},
{
"category": "self",
"summary": "VDE-2018-013: WAGO: 750-8xx Controller Denial of Service - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2018/vde-2018-013.json"
}
],
"title": "WAGO: 750-8xx Controller Denial of Service",
"tracking": {
"aliases": [
"VDE-2018-013"
],
"current_release_date": "2025-09-22T10:00:00.000Z",
"generator": {
"date": "2025-09-22T11:38:24.022Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.35"
}
},
"id": "VDE-2018-013",
"initial_release_date": "2018-08-17T09:45:00.000Z",
"revision_history": [
{
"date": "2018-08-17T09:45:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
},
{
"date": "2025-01-16T13:00:00.000Z",
"number": "2.0.0",
"summary": "Update: add CVE"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "3.0.0",
"summary": "Fix: version space, added distribution, quotation mark"
},
{
"date": "2025-09-22T10:00:00.000Z",
"number": "3.0.1",
"summary": "Fix in CVE Number"
}
],
"status": "final",
"version": "3.0.1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Controller PFC100",
"product": {
"name": "WAGO Hardware Controller PFC100",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"750-8100"
]
}
}
},
{
"category": "product_name",
"name": "Controller BACnet/IP",
"product": {
"name": "WAGO Hardware Controller BACnet/IP",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"750-831"
]
}
}
},
{
"category": "product_name",
"name": "Controller ETH",
"product": {
"name": "WAGO Hardware Controller ETH",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"750-880"
]
}
}
},
{
"category": "product_name",
"name": "Controller KNX IP",
"product": {
"name": "WAGO Hardware Controller KNX IP",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"750-889"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=02.05.23(08)",
"product": {
"name": "Firmware \u003c=02.05.23(08)",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version_range",
"name": "\u003e02.05.23(08)",
"product": {
"name": "Firmware \u003e02.05.23(08)",
"product_id": "CSAFPID-22006"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.02.29(09)",
"product": {
"name": "Firmware \u003c=01.02.29(09)",
"product_id": "CSAFPID-21007"
}
},
{
"category": "product_version_range",
"name": "\u003e01.02.29(09)",
"product": {
"name": "Firmware \u003e01.02.29(09)",
"product_id": "CSAFPID-22008"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.07.03(10)",
"product": {
"name": "Firmware \u003c=01.07.03(10)",
"product_id": "CSAFPID-21009"
}
},
{
"category": "product_version_range",
"name": "\u003e01.07.03(10)",
"product": {
"name": "Firmware \u003e01.07.03(10)",
"product_id": "CSAFPID-22010"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.07.13(10)",
"product": {
"name": "Firmware \u003c=01.07.13(10)",
"product_id": "CSAFPID-21011"
}
},
{
"category": "product_version_range",
"name": "\u003e01.07.13(10)",
"product": {
"name": "Firmware \u003e01.07.13(10)",
"product_id": "CSAFPID-22012"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "WAGO"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=02.05.23(08) installed on WAGO Hardware Controller PFC100",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.02.29(09) installed on WAGO Hardware Controller BACnet/IP",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.07.03(10) installed on WAGO Hardware Controller ETH",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.07.13(10) installed on WAGO Hardware Controller KNX IP",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25108",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "An unauthenticated remote attacker can cause a DoS in the controller due to\u00a0uncontrolled resource consumption."
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "We recommend to operate the devices in closed networks or protect with a firewall against unauthorized access. Another, recommended mitigation is to limit the network traffic via the switch rate limit feature according to your application needs.\n\nThe switch rate limit can be configured e.g. via Web based Management to minimize the effect of high network load:\n\n750-8xx: Ethernet \u003e \"Misc. Configuration\" \u003e \"internal Port\" \u003e \"Output Limit Rate\"\n\n750-8xxx: Network \u003e Ethernet \u003e \u0027Switch Configuration\u0027 \u003e \u0027Rate Limit\u0027\n\nPlease also consult the product manuals as this is a known problem for some devices:\n\n750-880\n\nGo to https://www.wago.com/de/sps/controller-ethernet/p/750-880 external link\nSelect \"Downloads\"\nIn section \"Dokumentation\" choose \"ETHERNET Programmierbarer Feldbuscontroller 10 / 100 Mbit/s; digitale und analoge Signale V 2.3.0, 03.08.2016\" and select your language for the manual.\nSee section 9.3: Functional Restrictions and Limits\n\n750-889\n\nGo to https://www.wago.com/de/sps/controller-ethernet/p/750-889 external link\nSelect \"Downloads\"\nIn section \"Dokumentation\" choose \"Controller KNX IP KNX IP Controller V 1.0.2, 04.10.2016\" and select your language for the manual.\nSee section 10.4: Functional Restrictions and Limits\n\n750-831\n\nGo to https://www.wago.com/de/sps/controller-ethernet/p/750-831 external link\nSelect \"Downloads\"\nIn section \"Dokumentation\" choose \"BACnet/IP Programmierbarer Feldbuscontroller 10/100 Mbit/s; digitale und analoge Signale V 1.2.1, 20.02.2017\" and select your language for the manual.\nSee section 9.5: Functional Restrictions and Limits",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2018-25108"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…