VDE-2023-006

Vulnerability from csaf_wagogmbhcokg - Published: 2023-06-25 06:00 - Updated: 2024-07-08 10:00
Summary
WAGO: Controller with CODESYS 2.3 Runtime Denial-of-Service
Notes
Summary: An authenticated attacker can send a malformed packet to trigger a device crash via the CODESYS V2 runtime commands parsing. Update: 08.07.2024 release date of the updates has been changed.
Impact: By abusing these vulnerabilities, an attacker can crash an affected product, which fully prevents the product from working as intended. After a complete restart, the component works as expected.
Mitigation: If the PLC runtime is running but you do not need it, you can deactivate the PLC runtime programming port in the product settings of the web-based management. You can find this option under "Configuration > PLC Runtime Services > CODESYS 2 > communication enabled".

As general security measures, WAGO strongly recommends:

1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy.

The BSI provides general information on securing ICS in the ICS Compendium (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).
Remediation: We recommend that all affected users update to the firmware version listed below:

## PFC200 Family

| Order No.        | Firmware Version |
|------------------|------------------|
| 750-8202/xxx-xxx | FW 22 Patch 2    |
| 750-8203/xxx-xxx | FW 22 Patch 2    |
| 750-8204/xxx-xxx | FW 22 Patch 2    |
| 750-8206/xxx-xxx | FW 22 Patch 2    |
| 750-8207/xxx-xxx | FW 22 Patch 2    |
| 750-8208/xxx-xxx | FW 22 Patch 2    |
| 750-8210/xxx-xxx | FW 22 Patch 2    |
| 750-8211/xxx-xxx | FW 22 Patch 2    |
| 750-8212/xxx-xxx | FW 22 Patch 2    |
| 750-8213/xxx-xxx | FW 22 Patch 2    |
| 750-8214/xxx-xxx | FW 22 Patch 2    |
| 750-8216/xxx-xxx | FW 22 Patch 2    |
| 750-8217/xxx-xxx | FW 22 Patch 2    |

## Ethernet Controller 4th Generation Family

| Order No.       | Firmware Version |
|-----------------|------------------|
| 750-823         | FW 11            |
| 750-332         | FW 11            |
| 750-832/xxx-xxx | FW 11            |
| 750-862         | FW 11            |
| 750-890/xxx-xxx | FW 11            |
| 750-891         | FW 11            |
| 750-893         | FW 11            |

## Ethernet Controller 3rd Generation Family

| Order No.       | Firmware Version                   |
|-----------------|------------------------------------|
| 750-331         | FW 17 (after BACnet certification) |
| 750-829         | FW 17 (after BACnet certification) |
| 750-831/xxx-xxx | FW 17 (after BACnet certification) |
| 750-852         | FW 17 (already available)          |
| 750-880/xxx-xxx | FW 17 (after BACnet certification) |
| 750-881         | FW 17 (after BACnet certification) |
| 750-882         | FW 17 (after BACnet certification) |
| 750-885/xxx-xxx | FW 17 (after BACnet certification) |
| 750-889         | FW 17 (after BACnet certification) |

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.

CWE-1288 - Improper Validation of Consistency within Input

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

CWE-1288 - Improper Validation of Consistency within Input
Acknowledgments
CERT@VDE: certvde.com
Forescout: Abdelrahman Hassanien, Daniel dos Santos

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Abdelrahman Hassanien",
          "Daniel dos Santos"
        ],
        "organization": "Forescout"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "An authenticated attacker can send a malformed packet to trigger a device crash via the CODESYS V2 runtime commands parsing.\nUpdate: 08.07.2024\u00a0release date of the updates has been changed.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Abusing these vulnerabilities an attacker can crash an affected product, which fully prevents the product to work as intended. After a complete restart the component works as expected.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "If the PLC runtime is running, but you do not need it, you can deactivate the plc runtime programming port over the product settings in the web-based management. You can find this option under \"Configuration \u003e PLC Runtime Services \u003e CODESYS 2 \u003e communication enabled\".\n\nAs general security measures strongly WAGO recommends:\n\n1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy.\n\nThe BSI provides general information on securing ICS in the ICS Compendium (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "We recommend all affected users to update to the firmware version listed below:\n\n## PFC200 Family\n\n| Order No.               | Firmware Version |\n|-------------------------|------------------|\n| 750-8202/xxx-xxx        | FW 22 Patch 2    |\n| 750-8203/xxx-xxx        | FW 22 Patch 2    |\n| 750-8204/xxx-xxx        | FW 22 Patch 2    |\n| 750-8206/xxx-xxx        | FW 22 Patch 2    |\n| 750-8207/xxx-xxx        | FW 22 Patch 2    |\n| 750-8208/xxx-xxx        | FW 22 Patch 2    |\n| 750-8210/xxx-xxx        | FW 22 Patch 2    |\n| 750-8211/xxx-xxx        | FW 22 Patch 2    |\n| 750-8212/xxx-xxx        | FW 22 Patch 2    |\n| 750-8213/xxx-xxx        | FW 22 Patch 2    |\n| 750-8214/xxx-xxx        | FW 22 Patch 2    |\n| 750-8216/xxx-xxx        | FW 22 Patch 2    |\n| 750-8217/xxx-xxx        | FW 22 Patch 2    |\n\n## Ethernet Controller 4th Generation Family\n\n| Order No.               | Firmware Version |\n|-------------------------|------------------|\n| 750-823                 | FW 11            |\n| 750-332                 | FW 11            |\n| 750-832/xxx-xxx         | FW 11            |\n| 750-862                 | FW 11            |\n| 750-890/xxx-xxx         | FW 11            |\n| 750-891                 | FW 11            |\n| 750-893                 | FW 11            |\n\n## Ethernet Controller 3rd Generation Family\n\n| Order No.               | Firmware Version                      |\n|-------------------------|----------------------------------------|\n| 750-331                 | FW 17 (after BACnet certification)     |\n| 750-829                 | FW 17 (after BACnet certification)     |\n| 750-831/xxx-xxx         | FW 17 (after BACnet certification)     |\n| 750-852                 | FW 17 (already available)              |\n| 750-880/xxx-xxx         | FW 17 (after BACnet certification)     |\n| 750-881                 | FW 17 (after BACnet certification)     |\n| 750-882                 | FW 17 (after BACnet certification)     |\n| 750-885/xxx-xxx         | FW 17 (after BACnet certification)     |\n| 750-889                 | FW 17 (after BACnet certification)     |",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2023-006: WAGO: Controller with CODESYS 2.3 Runtime Denial-of-Service - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2023-006/"
      },
      {
        "category": "self",
        "summary": "VDE-2023-006: WAGO: Controller with CODESYS 2.3 Runtime Denial-of-Service - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-006.json"
      },
      {
        "category": "external",
        "summary": "Vendor PSIRT",
        "url": "https://www.wago.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      }
    ],
    "title": "WAGO: Controller with CODESYS 2.3 Runtime Denial-of-Service",
    "tracking": {
      "aliases": [
        "VDE-2023-006"
      ],
      "current_release_date": "2024-07-08T10:00:00.000Z",
      "generator": {
        "date": "2025-06-05T08:55:47.275Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.27"
        }
      },
      "id": "VDE-2023-006",
      "initial_release_date": "2023-06-25T06:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-06-25T06:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2024-07-08T10:00:00.000Z",
          "number": "2",
          "summary": "Release date of the updates has been changed."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "750-331",
                    "product": {
                      "name": "Ethernet Controller 3rd Generation 750-331",
                      "product_id": "CSAFPID-11001"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-829",
                    "product": {
                      "name": "Ethernet Controller 3rd Generation 750-829",
                      "product_id": "CSAFPID-11002"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-831/xxx-xxx",
                    "product": {
                      "name": "Ethernet Controller 3rd Generation 750-831/xxx-xxx",
                      "product_id": "CSAFPID-11003"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-852",
                    "product": {
                      "name": "Ethernet Controller 3rd Generation 750-852",
                      "product_id": "CSAFPID-11004"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-880/xxx-xxx",
                    "product": {
                      "name": "Ethernet Controller 3rd Generation 750-880/xxx-xxx",
                      "product_id": "CSAFPID-11005"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-881",
                    "product": {
                      "name": "Ethernet Controller 3rd Generation 750-881",
                      "product_id": "CSAFPID-11006"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-882",
                    "product": {
                      "name": "Ethernet Controller 3rd Generation 750-882",
                      "product_id": "CSAFPID-11007"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-885/xxx-xxx",
                    "product": {
                      "name": "Ethernet Controller 3rd Generation 750-885/xxx-xxx",
                      "product_id": "CSAFPID-11008"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-889",
                    "product": {
                      "name": "Ethernet Controller 3rd Generation 750-889",
                      "product_id": "CSAFPID-11009"
                    }
                  }
                ],
                "category": "product_family",
                "name": "Ethernet Controller 3rd Generation"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "750-823",
                    "product": {
                      "name": "Ethernet Controller 4th Generation 750-823",
                      "product_id": "CSAFPID-11010"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-332",
                    "product": {
                      "name": "Ethernet Controller 4th Generation 750-332",
                      "product_id": "CSAFPID-11011"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-832/xxx-xxx",
                    "product": {
                      "name": "Ethernet Controller 4th Generation 750-832/xxx-xxx",
                      "product_id": "CSAFPID-11012"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-862",
                    "product": {
                      "name": "Ethernet Controller 4th Generation 750-862",
                      "product_id": "CSAFPID-11013"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-890/xxx-xxx",
                    "product": {
                      "name": "Ethernet Controller 4th Generation 750-890/xxx-xxx",
                      "product_id": "CSAFPID-11014"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-891",
                    "product": {
                      "name": "Ethernet Controller 4th Generation 750-891",
                      "product_id": "CSAFPID-11015"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "750-893",
                    "product": {
                      "name": "Ethernet Controller 4th Generation 750-893",
                      "product_id": "CSAFPID-11016"
                    }
                  }
                ],
                "category": "product_family",
                "name": "Ethernet Controller 4th Generation"
              },
              {
                "category": "product_name",
                "name": "PFC200 Family",
                "product": {
                  "name": "PFC200",
                  "product_id": "CSAFPID-11017",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-8202/xxx-xxx",
                      "750-8203/xxx-xxx",
                      "750-8204/xxx-xxx",
                      "750-8206/xxx-xxx",
                      "750-8207/xxx-xxx",
                      "750-8208/xxx-xxx",
                      "750-8210/xxx-xxx",
                      "750-8211/xxx-xxx",
                      "750-8212/xxx-xxx",
                      "750-8213/xxx-xxx",
                      "750-8214/xxx-xxx",
                      "750-8216/xxx-xxx",
                      "750-8217/xxx-xxx"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=FW14",
                "product": {
                  "name": "Firmware \u003c=FW14",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW16",
                "product": {
                  "name": "Firmware \u003c=FW16",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW10",
                "product": {
                  "name": "Firmware \u003c=FW10",
                  "product_id": "CSAFPID-21003"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW6",
                "product": {
                  "name": "Firmware \u003c=FW6",
                  "product_id": "CSAFPID-21004"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW22 SP1",
                "product": {
                  "name": "Firmware \u003c=FW22 SP1",
                  "product_id": "CSAFPID-21005"
                }
              },
              {
                "category": "product_version",
                "name": "FW22 Patch 2",
                "product": {
                  "name": "Firmware FW22 Patch 2",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version",
                "name": "FW11",
                "product": {
                  "name": "Firmware FW11",
                  "product_id": "CSAFPID-22002"
                }
              },
              {
                "category": "product_version",
                "name": "FW17 (after BACnet certification)",
                "product": {
                  "name": "Firmware FW17 (after BACnet certification)",
                  "product_id": "CSAFPID-22003"
                }
              },
              {
                "category": "product_version",
                "name": "FW17",
                "product": {
                  "name": "Firmware FW17",
                  "product_id": "CSAFPID-22004"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW14 installed on Ethernet Controller 3rd Generation 750-331",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW14 installed on Ethernet Controller 3rd Generation 750-829",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW14 installed on Ethernet Controller 3rd Generation 750-831/xxx-xxx",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on Ethernet Controller 3rd Generation 750-852",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on Ethernet Controller 3rd Generation 750-880/xxx-xxx",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on Ethernet Controller 3rd Generation 750-881",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on Ethernet Controller 3rd Generation 750-882",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on Ethernet Controller 3rd Generation 750-885/xxx-xxx",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on Ethernet Controller 3rd Generation 750-889",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW10 installed on Ethernet Controller 4th Generation 750-823",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW6 installed on Ethernet Controller 4th Generation 750-332",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW6 installed on Ethernet Controller 4th Generation 750-832/xxx-xxx",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW10 installed on Ethernet Controller 4th Generation 750-862",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW10 installed on Ethernet Controller 4th Generation 750-890/xxx-xxx",
          "product_id": "CSAFPID-31014"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW10 installed on Ethernet Controller 4th Generation 750-891",
          "product_id": "CSAFPID-31015"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW10 installed on Ethernet Controller 4th Generation 750-893",
          "product_id": "CSAFPID-31016"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW22 SP1 installed on PFC200",
          "product_id": "CSAFPID-31017"
        },
        "product_reference": "CSAFPID-21005",
        "relates_to_product_reference": "CSAFPID-11017"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW22 Patch 2 installed on PFC200",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11017"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW11 installed on Ethernet Controller 4th Generation 750-823",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW11 installed on Ethernet Controller 4th Generation 750-332",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW11 installed on Ethernet Controller 4th Generation 750-832/xxx-xxx",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW11 installed on Ethernet Controller 4th Generation 750-862",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW11 installed on Ethernet Controller 4th Generation 750-890/xxx-xxx",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW11 installed on Ethernet Controller 4th Generation 750-891",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW11 installed on Ethernet Controller 4th Generation 750-893",
          "product_id": "CSAFPID-32008"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 (after BACnet certification) installed on Ethernet Controller 3rd Generation 750-331",
          "product_id": "CSAFPID-32009"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 (after BACnet certification) installed on Ethernet Controller 3rd Generation 750-829",
          "product_id": "CSAFPID-32010"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 (after BACnet certification) installed on Ethernet Controller 3rd Generation 750-831/xxx-xxx",
          "product_id": "CSAFPID-32011"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on Ethernet Controller 3rd Generation 750-852",
          "product_id": "CSAFPID-32012"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on Ethernet Controller 3rd Generation 750-880/xxx-xxx",
          "product_id": "CSAFPID-32013"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on Ethernet Controller 3rd Generation 750-881",
          "product_id": "CSAFPID-32014"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on Ethernet Controller 3rd Generation 750-882",
          "product_id": "CSAFPID-32015"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on Ethernet Controller 3rd Generation 750-885/xxx-xxx",
          "product_id": "CSAFPID-32016"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on Ethernet Controller 3rd Generation 750-889",
          "product_id": "CSAFPID-32017"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11009"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-1619",
      "cwe": {
        "id": "CWE-1288",
        "name": "Improper Validation of Consistency within Input"
      },
      "notes": [
        {
          "category": "description",
          "text": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "If the PLC runtime is running, but you do not need it, you can deactivate the plc runtime programming port over the product settings in the web-based management. You can find this option under \"Configuration \u003e PLC Runtime Services \u003e CODESYS 2 \u003e communication enabled\".\n\nAs general security measures strongly WAGO recommends:\n\n1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy.\n\nThe BSI provides general information on securing ICS in the ICS Compendium (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "We recommend all affected users to update to the firmware version listed below:\n\n## PFC200 Family\n\n| Order No.               | Firmware Version |\n|-------------------------|------------------|\n| 750-8202/xxx-xxx        | FW 22 Patch 2    |\n| 750-8203/xxx-xxx        | FW 22 Patch 2    |\n| 750-8204/xxx-xxx        | FW 22 Patch 2    |\n| 750-8206/xxx-xxx        | FW 22 Patch 2    |\n| 750-8207/xxx-xxx        | FW 22 Patch 2    |\n| 750-8208/xxx-xxx        | FW 22 Patch 2    |\n| 750-8210/xxx-xxx        | FW 22 Patch 2    |\n| 750-8211/xxx-xxx        | FW 22 Patch 2    |\n| 750-8212/xxx-xxx        | FW 22 Patch 2    |\n| 750-8213/xxx-xxx        | FW 22 Patch 2    |\n| 750-8214/xxx-xxx        | FW 22 Patch 2    |\n| 750-8216/xxx-xxx        | FW 22 Patch 2    |\n| 750-8217/xxx-xxx        | FW 22 Patch 2    |\n\n## Ethernet Controller 4th Generation Family\n\n| Order No.               | Firmware Version |\n|-------------------------|------------------|\n| 750-823                 | FW 11            |\n| 750-332                 | FW 11            |\n| 750-832/xxx-xxx         | FW 11            |\n| 750-862                 | FW 11            |\n| 750-890/xxx-xxx         | FW 11            |\n| 750-891                 | FW 11            |\n| 750-893                 | FW 11            |\n\n## Ethernet Controller 3rd Generation Family\n\n| Order No.               | Firmware Version                      |\n|-------------------------|----------------------------------------|\n| 750-331                 | FW 17 (after BACnet certification)     |\n| 750-829                 | FW 17 (after BACnet certification)     |\n| 750-831/xxx-xxx         | FW 17 (after BACnet certification)     |\n| 750-852                 | FW 17 (already available)              |\n| 750-880/xxx-xxx         | FW 17 (after BACnet certification)     |\n| 750-881                 | FW 17 (after BACnet certification)     |\n| 750-882                 | FW 17 (after BACnet certification)     |\n| 750-885/xxx-xxx         | FW 17 (after BACnet certification)     |\n| 750-889                 | FW 17 (after BACnet certification)     |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 4.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 4.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017"
          ]
        }
      ],
      "title": "CVE-2023-1619"
    },
    {
      "cve": "CVE-2023-1620",
      "cwe": {
        "id": "CWE-1288",
        "name": "Improper Validation of Consistency within Input"
      },
      "notes": [
        {
          "category": "description",
          "text": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "If the PLC runtime is running, but you do not need it, you can deactivate the plc runtime programming port over the product settings in the web-based management. You can find this option under \"Configuration \u003e PLC Runtime Services \u003e CODESYS 2 \u003e communication enabled\".\n\nAs general security measures strongly WAGO recommends:\n\n1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy.\n\nThe BSI provides general information on securing ICS in the ICS Compendium (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "We recommend all affected users to update to the firmware version listed below:\n\n## PFC200 Family\n\n| Order No.               | Firmware Version |\n|-------------------------|------------------|\n| 750-8202/xxx-xxx        | FW 22 Patch 2    |\n| 750-8203/xxx-xxx        | FW 22 Patch 2    |\n| 750-8204/xxx-xxx        | FW 22 Patch 2    |\n| 750-8206/xxx-xxx        | FW 22 Patch 2    |\n| 750-8207/xxx-xxx        | FW 22 Patch 2    |\n| 750-8208/xxx-xxx        | FW 22 Patch 2    |\n| 750-8210/xxx-xxx        | FW 22 Patch 2    |\n| 750-8211/xxx-xxx        | FW 22 Patch 2    |\n| 750-8212/xxx-xxx        | FW 22 Patch 2    |\n| 750-8213/xxx-xxx        | FW 22 Patch 2    |\n| 750-8214/xxx-xxx        | FW 22 Patch 2    |\n| 750-8216/xxx-xxx        | FW 22 Patch 2    |\n| 750-8217/xxx-xxx        | FW 22 Patch 2    |\n\n## Ethernet Controller 4th Generation Family\n\n| Order No.               | Firmware Version |\n|-------------------------|------------------|\n| 750-823                 | FW 11            |\n| 750-332                 | FW 11            |\n| 750-832/xxx-xxx         | FW 11            |\n| 750-862                 | FW 11            |\n| 750-890/xxx-xxx         | FW 11            |\n| 750-891                 | FW 11            |\n| 750-893                 | FW 11            |\n\n## Ethernet Controller 3rd Generation Family\n\n| Order No.               | Firmware Version                      |\n|-------------------------|----------------------------------------|\n| 750-331                 | FW 17 (after BACnet certification)     |\n| 750-829                 | FW 17 (after BACnet certification)     |\n| 750-831/xxx-xxx         | FW 17 (after BACnet certification)     |\n| 750-852                 | FW 17 (already available)              |\n| 750-880/xxx-xxx         | FW 17 (after BACnet certification)     |\n| 750-881                 | FW 17 (after BACnet certification)     |\n| 750-882                 | FW 17 (after BACnet certification)     |\n| 750-885/xxx-xxx         | FW 17 (after BACnet certification)     |\n| 750-889                 | FW 17 (after BACnet certification)     |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 4.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 4.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017"
          ]
        }
      ],
      "title": "CVE-2023-1620"
    }
  ]
}

