CVE-2018-8836

Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:14

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/103726 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/103726 - Third Party Advisory, VDB Entry
References () https://ics-cert.us-cert.gov/advisories/ICSA-18-088-01 - Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSA-18-088-01 - Third Party Advisory, US Government Resource
References () https://www.wago.com/medias/Vulnerability-in-the-WAGO-Ethernet-TCP-IP-driver.pdf?context=bWFzdGVyfHJvb3R8MjgxNDk0fGFwcGxpY2F0aW9uL3BkZnxoOTcvaDhkLzkxNTAyMjMyMjA3NjYucGRmfGRlNWQ4ODc0NTE5M2UyNTUwNTIyNDRlOWFkNWI2YjNkMzg0YTVhYzlmYTBjNzM4MDdmNmYzOTM5M2ZlMGEzNzE - Vendor Advisory () https://www.wago.com/medias/Vulnerability-in-the-WAGO-Ethernet-TCP-IP-driver.pdf?context=bWFzdGVyfHJvb3R8MjgxNDk0fGFwcGxpY2F0aW9uL3BkZnxoOTcvaDhkLzkxNTAyMjMyMjA3NjYucGRmfGRlNWQ4ODc0NTE5M2UyNTUwNTIyNDRlOWFkNWI2YjNkMzg0YTVhYzlmYTBjNzM4MDdmNmYzOTM5M2ZlMGEzNzE - Vendor Advisory

Information

Published : 2018-04-03 13:29

Updated : 2024-11-21 04:14


NVD link : CVE-2018-8836

Mitre link : CVE-2018-8836

CVE.ORG link : CVE-2018-8836


JSON object : View

Products Affected

wago

  • 750-880_firmware
  • 750-882_firmware
  • 750-882
  • 750-885
  • 750-831
  • 750-889
  • 750-880
  • 750-889_firmware
  • 750-885_firmware
  • 750-829_firmware
  • 750-852
  • 750-852_firmware
  • 750-829
  • 750-831_firmware
  • 750-881
  • 750-881_firmware
CWE
CWE-404

Improper Resource Shutdown or Release