CVE-2018-8836
published 2018-04-03CVE-2018-8836: Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during…
medium5.3CVSS 3.0
AVNACLPRNUINSUCNINAL
Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wago | 750-829_firmware | <= 10 | — |
| wago | 750-831_firmware | <= 10 | — |
| wago | 750-852_firmware | <= 10 | — |
| wago | 750-880_firmware | <= 10 | — |
| wago | 750-881_firmware | <= 10 | — |
| wago | 750-882_firmware | <= 10 | — |
| wago | 750-885_firmware | <= 10 | — |
| wago | 750-889_firmware | <= 10 | — |
| wago | wago_750_series | — | — |
| wago | wago_750_series | — | — |
| wago | wago_750_series | — | — |
| wago | wago_750_series | — | — |
| wago | wago_750_series | — | — |
| wago | wago_750_series | — | — |
| wago | wago_750_series | — | — |
| wago | wago_750_series | — | — |