OTPulse
FeedAboutContact

WAGO: OpenSSL DoS Vulnerability in PLCs

Monitor7.5VDE-2021-038Aug 31, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

WAGO controllers are vulnerable to a denial of service attack triggered by specially crafted network requests. An attacker can cause the device to crash, halting automated processes. The vulnerability exists in the OpenSSL implementation on all listed WAGO PLC models running firmware version 15 or earlier. No patch is currently available from the vendor.

What this means
What could happen
An attacker can send specially crafted network requests to WAGO PLCs to crash them, halting automated processes and production until they are manually restarted. This affects any facility relying on these controllers for continuous operation.
Who's at risk
Facilities operating WAGO PLC models 750-831, 750-880, 750-881, and 750-889 running firmware version 15 or earlier are affected. This includes manufacturing plants, water treatment facilities, and utilities using these controllers for process automation.
How it could be exploited
An attacker with network access to the PLC sends a specially crafted request targeting the OpenSSL implementation, causing the device to become unresponsive. This can be done remotely if the PLC is accessible from the network, or from an attacker who has compromised another system on the same network segment.
Prerequisites
  • Network access to the affected WAGO PLC
  • No authentication required
remotely exploitableno authentication requiredlow complexityno patch availablehigh CVSS score (7.5)
Affected products (4)
4 EOL
ProductAffected VersionsFix Status
750-831/xxx-xxx≤ FW15No fix (EOL)
750-881≤ FW15No fix (EOL)
750-889≤ FW15No fix (EOL)
750-880/xxx-xxx≤ FW15No fix (EOL)
Remediation & Mitigation
0/5
Do now
0/3
HARDENINGRestrict network access to WAGO PLCs using firewall rules—only allow connections from authorized engineering workstations and control systems.
HARDENINGDisable unused TCP/UDP ports on the WAGO PLC to reduce the attack surface.
HARDENINGDisable web-based management ports 80 and 443 after the configuration phase is complete.
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate WAGO PLC firmware to the latest available version when a fix becomes available.
Mitigations - no patch available
0/1
The following products have reached End of Life with no planned fix: 750-831/xxx-xxx, 750-881, 750-889, 750-880/xxx-xxx. Apply the following compensating controls:
HARDENINGDo not directly connect WAGO PLCs to the internet; isolate them on an internal industrial network.
View full CERT@VDE advisory
API: /api/v1/advisories/b6ff1647-5403-4694-9ddc-b521603b8453
WAGO: OpenSSL DoS Vulnerability in PLCs | CVSS 7.5 - OTPulse