CVE-2021-34581

Summary

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

Affected Software

VendorProductVersion RangeStatus
WAGO750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889FW4 < All*affected

Weaknesses

  • CWE-772: CWE-772 Missing Release of Resource after Effective Lifetime

Workarounds

Restrict network access to the device. Do not directly connect the device to the internet Disable unused TCP/UDP-ports Disable Web Based Management ports 80/443 after configuration phase.

ADP Enrichment

CVE Program Container

Additional References

References