CVE-2018-8836

Summary

Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.

Affected Software

VendorProductVersion RangeStatus
WAGOWAGO 750 Series750-880 firmware version 10 and prioraffected
WAGOWAGO 750 Series750-881 firmware version 10 and prioraffected
WAGOWAGO 750 Series750-852 firmware version 10 and prioraffected
WAGOWAGO 750 Series750-882 firmware version 10 and prioraffected
WAGOWAGO 750 Series750-885 firmware version 10 and prioraffected
WAGOWAGO 750 Series750-831 firmware version 10 and prioraffected
WAGOWAGO 750 Series750-889 firmware version 10 and prioraffected
WAGOWAGO 750 Series750-829 firmware version 10 and prioraffected

Weaknesses

  • CWE-404: IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404

ADP Enrichment

CVE Program Container

Additional References

References