CVE-2021-34581
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 | FW4 < All* | affected |
Weaknesses
- CWE-772: CWE-772 Missing Release of Resource after Effective Lifetime
Workarounds
Restrict network access to the device. Do not directly connect the device to the internet Disable unused TCP/UDP-ports Disable Web Based Management ports 80/443 after configuration phase.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.