VDE-2021-038

Vulnerability from csaf_wagogmbhcokg - Published: 2021-08-31 07:00 - Updated: 2025-05-14 12:53
Summary
WAGO: OpenSSL DoS Vulnerability in PLCs
Notes
Summary: WAGO controllers have always been designed for easy connection to IT infrastructure. Even controllers from legacy product lines support encryption standards to ensure secure communication. With special crafted requests it is possible to bring the device out of operation. All listed devices are vulnerable for this denial of service attack.
Remediation: Update the device to the latest FW version.
Impact: This vulnerability allows an attacker who has access to the device to send a series of maliciously constructed packets which can bring the device out of operation. The device needs a power on reset to go back to normal operation.
Mitigation: - Restrict network access to the device. - Do not directly connect the device to the internet - Disable unused TCP/UDP-ports - Disable Web Based Management ports 80/443 after configuration phase.
CVE-2021-34581

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-772 - Missing Release of Resource after Effective Lifetime
Mitigation - Restrict network access to the device. - Do not directly connect the device to the internet - Disable unused TCP/UDP-ports - Disable Web Based Management ports 80/443 after configuration phase.
Vendor Fix Update the device to the latest FW version.
References
Acknowledgments
CERT@VDE certvde.com
Uwe Disch
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "organization": "Uwe Disch",
        "summary": "reported"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "WAGO controllers have always been designed for easy connection to IT infrastructure. Even controllers from legacy product lines support encryption standards to ensure secure communication.\nWith special crafted requests it is possible to bring the device out of operation.\nAll listed devices are vulnerable for this denial of service attack.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Update the device to the latest FW version.",
        "title": "Remediation"
      },
      {
        "category": "description",
        "text": "This vulnerability allows an attacker who has access to the device to send a series of maliciously constructed packets which can bring the device out of operation. The device needs a power on reset to go back to normal operation.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "- Restrict network access to the device.\n- Do not directly connect the device to the internet\n- Disable unused TCP/UDP-ports\n- Disable Web Based Management ports 80/443 after configuration phase.",
        "title": "Mitigation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "WAGO advisory overview at CERT@VDE",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      },
      {
        "category": "self",
        "summary": "VDE-2021-038: WAGO: OpenSSL DoS Vulnerability in PLCs - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2021-038"
      },
      {
        "category": "self",
        "summary": "VDE-2021-038: WAGO: OpenSSL DoS Vulnerability in PLCs - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-038.json"
      }
    ],
    "title": "WAGO: OpenSSL DoS Vulnerability in PLCs",
    "tracking": {
      "aliases": [
        "VDE-2021-038"
      ],
      "current_release_date": "2025-05-14T12:53:43.000Z",
      "generator": {
        "date": "2025-01-27T09:56:53.497Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.17"
        }
      },
      "id": "VDE-2021-038",
      "initial_release_date": "2021-08-31T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2021-08-31T07:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-14T12:53:43.000Z",
          "number": "2",
          "summary": "Fix: version space, added distribution"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "750-831/xxx-xxx",
                "product": {
                  "name": "750-831/xxx-xxx",
                  "product_id": "CSAFPID-11001"
                }
              },
              {
                "category": "product_name",
                "name": "750-880/xxx-xxx",
                "product": {
                  "name": "750-880/xxx-xxx",
                  "product_id": "CSAFPID-11002"
                }
              },
              {
                "category": "product_name",
                "name": "750-881",
                "product": {
                  "name": "750-881",
                  "product_id": "CSAFPID-11003"
                }
              },
              {
                "category": "product_name",
                "name": "750-889",
                "product": {
                  "name": "750-889",
                  "product_id": "CSAFPID-11004"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=FW15",
                "product": {
                  "name": "Firmware \u003c=FW15",
                  "product_id": "CSAFPID-21001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ],
        "summary": "Affected Products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW15 installed on 750-831/xxx-xxx",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW15 installed on 750-880/xxx-xxx",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW15 installed on 750-881",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW15 installed on 750-889",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-34581",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "notes": [
        {
          "category": "description",
          "text": "Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Restrict network access to the device.\n- Do not directly connect the device to the internet\n- Disable unused TCP/UDP-ports\n- Disable Web Based Management ports 80/443 after configuration phase.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update the device to the latest FW version.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "title": "CVE-2021-34581"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.