VDE-2020-036

Vulnerability from csaf_wagogmbhcokg - Published: 2021-06-29 10:00 - Updated: 2025-05-14 13:00
Summary
WAGO: Multiple Vulnerabilities in I/O-Check Service
Notes
Summary: Multiple vulnerabilities in the WAGO I/O-Check Service were reported.
Impact: By exploiting the described vulnerabilities, an attacker is potentially able to manipulate or disrupt the device.
Mitigation:
- Disable the I/O-Check service.
- Restrict network access to the device.
- Do not directly connect the device to the internet.
Solution: The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and most secure way to protect your device from the listed vulnerabilities and from possible upcoming zero-day exploits. Regardless of the action described above, the vulnerability has been fixed in FW18Patch3, released in June 2021. We recommend that all affected users update to the latest firmware version.

In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.

CWE-787 - Out-of-bounds Write

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and a limited out-of-bounds read.

CWE-125 - Out-of-bounds Read

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.

CWE-770 - Allocation of Resources Without Limits or Throttling
Acknowledgments
Uri Katz (Claroty)
CERT@VDE

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Uri Katz"
        ],
        "organization": "Claroty",
        "summary": "reported"
      },
      {
        "organization": "CERT@VDE",
        "summary": "coordination"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities in the WAGO I/O-Check Service were reported.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "By exploiting the described vulnerabilities, the attacker potentially is able to manipulate or disrupt the device.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "- Disable I/O-Check service\n- Restrict network access to the device.\n- Do not directly connect the device to the internet.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities and possible upcoming zero-day exploits.\nRegardless to the action described above, the vulnerability has been fixed in FW18Patch3, released in June 2021.\nWe recommend all affected users to update to the latest firmware version.",
        "title": "Solution"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Wago",
        "url": "https://certvde.com/de/advisories/vendor/wago/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-036: WAGO: Multiple Vulnerabilities in I/O-Check Service - HTML",
        "url": "https://certvde.com/de/advisories/VDE-2020-036/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-036: WAGO: Multiple Vulnerabilities in I/O-Check Service - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2020-036.json"
      }
    ],
    "title": "WAGO: Multiple Vulnerabilities in I/O-Check Service",
    "tracking": {
      "aliases": [
        "VDE-2020-036"
      ],
      "current_release_date": "2025-05-14T13:00:15.000Z",
      "generator": {
        "date": "2024-10-18T12:22:49.381Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.13"
        }
      },
      "id": "VDE-2020-036",
      "initial_release_date": "2021-06-29T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2021-06-29T10:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2024-11-06T11:27:01.000Z",
          "number": "2",
          "summary": "Fix: added self-reference"
        },
        {
          "date": "2025-02-12T16:48:47.000Z",
          "number": "3",
          "summary": "Fix: corrected self-reference, fixed version"
        },
        {
          "date": "2025-04-10T13:00:00.000Z",
          "number": "4",
          "summary": "Fixed csaf publisher information"
        },
        {
          "date": "2025-05-14T13:00:15.000Z",
          "number": "5",
          "summary": "Fix: added distribution"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Touch Panel 600",
                "product": {
                  "name": "Hardware Touch Panel 600",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "762-6xxx",
                      "762-5xxx",
                      "762-4xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Edge Controller",
                "product": {
                  "name": "Hardware Edge Controller",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "752-8303/8000-0002"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PFC200",
                "product": {
                  "name": "Hardware PFC200",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-82xx/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PFC 100",
                "product": {
                  "name": "Hardware PFC 100",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-81xx/xxx-xxx"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=FW18Patch2",
                "product": {
                  "name": "Firmware \u003c=FW18Patch2",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "FW18Patch3",
                "product": {
                  "name": "Firmware FW18Patch3",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Wago"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW18Patch2 installed on Hardware Touch Panel 600",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW18Patch2 installed on Hardware Edge Controller",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW18Patch2 installed on Hardware PFC200",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW18Patch2 installed on Hardware PFC 100",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW18Patch3 installed on Hardware Touch Panel 600",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW18Patch3 installed on Hardware Edge Controller",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW18Patch3 installed on Hardware PFC200",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW18Patch3 installed on Hardware PFC 100",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11004"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-34569",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Disable I/O-Check service\n- Restrict network access to the device.\n- Do not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities and possible upcoming zero-day exploits.\nRegardless to the action described above, the vulnerability has been fixed in FW18Patch3, released in June 2021.\nWe recommend all affected users to update to the latest firmware version.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "title": "CVE-2021-34569"
    },
    {
      "cve": "CVE-2021-34566",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Disable I/O-Check service\n- Restrict network access to the device.\n- Do not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities and possible upcoming zero-day exploits.\nRegardless to the action described above, the vulnerability has been fixed in FW18Patch3, released in June 2021.\nWe recommend all affected users to update to the latest firmware version.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.1,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "title": "CVE-2021-34566"
    },
    {
      "cve": "CVE-2021-34567",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Disable I/O-Check service\n- Restrict network access to the device.\n- Do not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities and possible upcoming zero-day exploits.\nRegardless to the action described above, the vulnerability has been fixed in FW18Patch3, released in June 2021.\nWe recommend all affected users to update to the latest firmware version.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "environmentalScore": 8.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "title": "CVE-2021-34567"
    },
    {
      "cve": "CVE-2021-34568",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "description",
          "text": "In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Disable I/O-Check service\n- Restrict network access to the device.\n- Do not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities and possible upcoming zero-day exploits.\nRegardless to the action described above, the vulnerability has been fixed in FW18Patch3, released in June 2021.\nWe recommend all affected users to update to the latest firmware version.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "title": "CVE-2021-34568"
    }
  ]
}

