CVE-2020-12516
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | 750-331/xxx-xxx | FW1<=FW10 | affected |
| WAGO | 750-352 | FW1<=FW10 | affected |
| WAGO | 750-829 | FW1<=FW10 | affected |
| WAGO | 750-831/xxx-xxx | FW1<=FW10 | affected |
| WAGO | 750-852 | FW1<=FW10 | affected |
| WAGO | 750-880/xxx-xxx | FW1<=FW10 | affected |
| WAGO | 750-881 | FW1<=FW10 | affected |
| WAGO | 750-882 | FW1<=FW10 | affected |
| WAGO | 750-885 | FW1<=FW10 | affected |
| WAGO | 750-889 | FW1<=FW10 | affected |
Weaknesses
- CWE-400: CWE-400 Uncontrolled Resource Consumption
Workarounds
Restrict network access to the device. Do not directly connect the device to the internet Disable unused TCP/UDP-ports
ADP Enrichment
CVE Program Container
Additional References
- https://us-cert.cisa.gov/ics/advisories/icsa-20-308-01
- https://cert.vde.com/en-us/advisories/vde-2020-042
References
- https://us-cert.cisa.gov/ics/advisories/icsa-20-308-01
- https://cert.vde.com/en-us/advisories/vde-2020-042
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.