CVE-2020-12516

Summary

Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.

Affected Software

VendorProductVersion RangeStatus
WAGO750-331/xxx-xxxFW1<=FW10affected
WAGO750-352FW1<=FW10affected
WAGO750-829FW1<=FW10affected
WAGO750-831/xxx-xxxFW1<=FW10affected
WAGO750-852FW1<=FW10affected
WAGO750-880/xxx-xxxFW1<=FW10affected
WAGO750-881FW1<=FW10affected
WAGO750-882FW1<=FW10affected
WAGO750-885FW1<=FW10affected
WAGO750-889FW1<=FW10affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

Workarounds

Restrict network access to the device. Do not directly connect the device to the internet Disable unused TCP/UDP-ports

ADP Enrichment

CVE Program Container

Additional References

References