VDE-2023-005

Vulnerability from csaf_wagogmbhcokg - Published: 2023-06-25 06:00 - Updated: 2023-06-25 06:00
Summary
WAGO: Series 750-3x/-8x prone to MODBUS server DoS
Notes
Summary: An unauthenticated attacker with network access to port 502/TCP of the target device can cause a denial-of-service condition by sending multiple specially crafted packets. The MODBUS server does not properly release memory resources that were reserved for incomplete connection attempts by MODBUS clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the MODBUS server.
Impact: Abusing this vulnerability an attacker can crash an affected product, which fully prevents the product to work as intended. After a complete restart the component works as expected.
Mitigation: In case no MODBUS communication is needed the MODBUS-Server should be deactivated in the product settings of the web-based management.

As general security measures WAGO strongly recommends:

1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium (www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).
Remediation: We recommend all affected users to update to the firmware version listed below:

### Series WAGO 750-3x/-8x

| Article Number       | Fixed in Firmware Version              |
|----------------------|----------------------------------------|
| 750-332              | FW11 after BACnet certification        |
| 750-362/xxx-xxx      | FW11 Q3/2023                           |
| 750-363/xxx-xxx      | FW11 Q3/2023                           |
| 750-364/xxx-xxx      | FW11 Q3/2023                           |
| 750-365/xxx-xxx      | FW11 Q3/2023                           |
| 750-823              | FW11 Q3/2023                           |
| 750-832/xxx-xxx      | FW11 after BACnet certification        |
| 750-862              | FW11 Q1/2023                           |
| 750-890/xxx-xxx      | FW11 Q3/2023                           |
| 750-891              | FW11 Q3/2023                           |
| 750-893              | FW11 Q3/2023                           |

Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.

CWE-772 - Missing Release of Resource after Effective Lifetime
Acknowledgments
CERT@VDE certvde.com
Kaspersky Roman Ezhov

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Roman Ezhov"
        ],
        "organization": "Kaspersky"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "An unauthenticated attacker with network access to port 502/TCP of the target device can cause a denial-of-service condition by sending multiple specially crafted packets. The MODBUS server does not properly release memory resources that were reserved for incomplete connection attempts by MODBUS clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the MODBUS server.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Abusing this vulnerability an attacker can crash an affected product, which fully prevents the product to work as intended. After a complete restart the component works as expected.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "In case no MODBUS communication is needed the MODBUS-Server should be deactivated in the product settings of the web-based management.\n\nAs general security measures WAGO strongly recommends:\n\n1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium (www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "We recommend all affected users to update to the firmware version listed below:\n\n### Series WAGO 750-3x/-8x\n\n| Article Number       | Fixed in Firmware Version              |\n|----------------------|----------------------------------------|\n| 750-332              | FW11 after BACnet certification        |\n| 750-362/xxx-xxx      | FW11 Q3/2023                           |\n| 750-363/xxx-xxx      | FW11 Q3/2023                           |\n| 750-364/xxx-xxx      | FW11 Q3/2023                           |\n| 750-365/xxx-xxx      | FW11 Q3/2023                           |\n| 750-823              | FW11 Q3/2023                           |\n| 750-832/xxx-xxx      | FW11 after BACnet certification        |\n| 750-862              | FW11 Q1/2023                           |\n| 750-890/xxx-xxx      | FW11 Q3/2023                           |\n| 750-891              | FW11 Q3/2023                           |\n| 750-893              | FW11 Q3/2023                           |",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2023-005: WAGO: Series 750-3x/-8x prone to MODBUS server DoS - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2023-005/"
      },
      {
        "category": "self",
        "summary": "VDE-2023-005: WAGO: Series 750-3x/-8x prone to MODBUS server DoS - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-005.json"
      },
      {
        "category": "external",
        "summary": "Vendor PSIRT",
        "url": "https://www.wago.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      }
    ],
    "title": "WAGO: Series 750-3x/-8x prone to MODBUS server DoS",
    "tracking": {
      "aliases": [
        "VDE-2023-005"
      ],
      "current_release_date": "2023-06-25T06:00:00.000Z",
      "generator": {
        "date": "2025-05-08T11:09:08.909Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.25"
        }
      },
      "id": "VDE-2023-005",
      "initial_release_date": "2023-06-25T06:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-06-25T06:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "BACnet/IP Controller (4th Gen)",
                "product": {
                  "name": "BACnet/IP Controller (4th Gen)",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-832/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "BACnet/IP Fieldbus Coupler (4th Gen)",
                "product": {
                  "name": "BACnet/IP Fieldbus Coupler (4th Gen)",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-332"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "EtherNet/IP Controller (4th Gen)",
                "product": {
                  "name": "EtherNet/IP Controller (4th Gen)",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-823",
                      "750-893"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "EtherNet/IP Fieldbus Coupler (4th Gen)",
                "product": {
                  "name": "EtherNet/IP Fieldbus Coupler (4th Gen)",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-363/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "EtherNet/IP M12 Fieldbus Coupler (4th Gen)",
                "product": {
                  "name": "EtherNet/IP M12 Fieldbus Coupler (4th Gen)",
                  "product_id": "CSAFPID-11005",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-365/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Modbus TCP Controller (4th Gen)",
                "product": {
                  "name": "Modbus TCP Controller (4th Gen)",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-862",
                      "750-890/xxx-xxx",
                      "750-891"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Modbus TCP Fieldbus Coupler (4th Gen)",
                "product": {
                  "name": "Modbus TCP Fieldbus Coupler (4th Gen)",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-362/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Modbus TCP M12 Fieldbus Coupler (4th Gen)",
                "product": {
                  "name": "Modbus TCP M12 Fieldbus Coupler (4th Gen)",
                  "product_id": "CSAFPID-11008",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-364/xxx-xxx"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=FW10",
                "product": {
                  "name": "Fimware \u003c=FW10",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "FW11",
                "product": {
                  "name": "Fimware FW11",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version",
                "name": "FW11 after BACnet certification",
                "product": {
                  "name": "Fimware FW11 after BACnet certification",
                  "product_id": "CSAFPID-22002"
                }
              }
            ],
            "category": "product_family",
            "name": "Fimware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware \u003c=FW10 installed on BACnet/IP Controller (4th Gen)",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware \u003c=FW10 installed on BACnet/IP Fieldbus Coupler (4th Gen)",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware \u003c=FW10 installed on EtherNet/IP Controller (4th Gen)",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware \u003c=FW10 installed on EtherNet/IP Fieldbus Coupler (4th Gen)",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware \u003c=FW10 installed on EtherNet/IP M12 Fieldbus Coupler (4th Gen)",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware \u003c=FW10 installed on Modbus TCP Controller (4th Gen)",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware \u003c=FW10 installed on Modbus TCP Fieldbus Coupler (4th Gen)",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware \u003c=FW10 installed on Modbus TCP M12 Fieldbus Coupler (4th Gen)",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware FW11 after BACnet certification installed on BACnet/IP Fieldbus Coupler (4th Gen)",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware FW11 installed on Modbus TCP Fieldbus Coupler (4th Gen)",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware FW11 installed on EtherNet/IP Fieldbus Coupler (4th Gen)",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware FW11 installed on Modbus TCP M12 Fieldbus Coupler (4th Gen)",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware FW11 installed on EtherNet/IP M12 Fieldbus Coupler (4th Gen)",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware FW11 installed on EtherNet/IP Controller (4th Gen)",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware FW11 after BACnet certification installed on BACnet/IP Controller (4th Gen)",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Fimware FW11 installed on Modbus TCP Controller (4th Gen)",
          "product_id": "CSAFPID-32008"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11006"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-1150",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "notes": [
        {
          "category": "description",
          "text": "Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "In case no MODBUS communication is needed the MODBUS-Server should be deactivated in the product settings of the web-based management.\n\nAs general security measures WAGO strongly recommends:\n\n1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium (www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "We recommend all affected users to update to the firmware version listed below:\n\n### Series WAGO 750-3x/-8x\n\n| Article Number       | Fixed in Firmware Version              |\n|----------------------|----------------------------------------|\n| 750-332              | FW11 after BACnet certification        |\n| 750-362/xxx-xxx      | FW11 Q3/2023                           |\n| 750-363/xxx-xxx      | FW11 Q3/2023                           |\n| 750-364/xxx-xxx      | FW11 Q3/2023                           |\n| 750-365/xxx-xxx      | FW11 Q3/2023                           |\n| 750-823              | FW11 Q3/2023                           |\n| 750-832/xxx-xxx      | FW11 after BACnet certification        |\n| 750-862              | FW11 Q1/2023                           |\n| 750-890/xxx-xxx      | FW11 Q3/2023                           |\n| 750-891              | FW11 Q3/2023                           |\n| 750-893              | FW11 Q3/2023                           |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008"
          ]
        }
      ],
      "title": "CVE-2023-1150"
    }
  ]
}

