CVE-2018-8836

CWE-4043 documents3 sources

Severity

5.3MEDIUM

EPSS

2.0%

top 16.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago 750-829 Firmware Wago 750-831 Firmware Wago 750-852 Firmware +6 more

Timeline

PublishedApr 3

Latest updateMay 13

Description

Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages9 packages

▶NVDwago/750-829_firmware10

▶NVDwago/750-831_firmware10

▶NVDwago/750-852_firmware10

▶NVDwago/750-880_firmware10

▶NVDwago/750-881_firmware10

🔴Vulnerability Details

GHSA

GHSA-pm5g-66xr-995q: Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshak↗2022-05-13

▶

CVEList

CVE-2018-8836: Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshak↗2018-04-03

▶