Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00203.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
WAGO 750-332 unaffected
Version Status Constraints
0 affected ≤ FW10
WAGO 750-362/xxx-xxx unaffected
Version Status Constraints
0 affected ≤ FW10
WAGO 750-363/xxx-xxx unaffected
Version Status Constraints
0 affected ≤ FW10
WAGO 750-364/xxx-xxx unaffected
Version Status Constraints
0 affected ≤ FW10
WAGO 750-365/xxx-xxx unaffected
Version Status Constraints
0 affected ≤ FW10
WAGO 750-823 unaffected
Version Status Constraints
0 affected ≤ FW10
WAGO 750-832/xxx-xxx unaffected
Version Status Constraints
0 affected ≤ FW10
WAGO 750-862 unaffected
Version Status Constraints
0 affected ≤ FW10
WAGO 750-890/xxx-xxx unaffected
Version Status Constraints
0 affected ≤ FW10
WAGO 750-891 unaffected
Version Status Constraints
0 affected ≤ FW10
WAGO 750-893 unaffected
Version Status Constraints
0 affected ≤ FW10

Configuration 1 [-]

AND
cpe:2.3:o:wago:750-363\/040-000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-363\/040-000:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:wago:750-362\/040-000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-362\/040-000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:wago:750-362\/000-001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-362\/000-001:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:wago:750-365\/040-010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-365\/040-010:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:wago:750-364\/040-010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-364\/040-010:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:wago:750-362_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-362:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:wago:750-363_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-363:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:wago:750-832\/000-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-832\/000-002:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:wago:750-890\/025-000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-890\/025-000:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:wago:750-890\/025-001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-890\/025-001:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:wago:750-890\/025-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-890\/025-002:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:wago:750-890\/040-000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-890\/040-000:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:wago:750-893_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-893:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Wago Subscribe
750-362 Subscribe
750-362\/000-001 Subscribe
750-362\/000-001 Firmware Subscribe
750-362\/040-000 Subscribe
750-362\/040-000 Firmware Subscribe
750-362 Firmware Subscribe
750-363 Subscribe
750-363\/040-000 Subscribe
750-363\/040-000 Firmware Subscribe
750-363 Firmware Subscribe
750-364\/040-010 Subscribe
750-364\/040-010 Firmware Subscribe
750-365\/040-010 Subscribe
750-365\/040-010 Firmware Subscribe
750-823 Subscribe
750-823 Firmware Subscribe
750-832 Subscribe
750-832\/000-002 Subscribe
750-832\/000-002 Firmware Subscribe
750-832 Firmware Subscribe
750-862 Subscribe
750-862 Firmware Subscribe
750-890 Subscribe
750-890\/025-000 Subscribe
750-890\/025-000 Firmware Subscribe
750-890\/025-001 Subscribe
750-890\/025-001 Firmware Subscribe
750-890\/025-002 Subscribe
750-890\/025-002 Firmware Subscribe
750-890\/040-000 Subscribe
750-890\/040-000 Firmware Subscribe
750-890 Firmware Subscribe
750-891 Subscribe
750-891 Firmware Subscribe
750-893 Subscribe
750-893 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2023-23433 Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://cert.vde.com/en/advisories/VDE-2023-005/ cve-icon cve-icon
History

Thu, 05 Dec 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 02 Oct 2024 06:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Wed, 02 Oct 2024 05:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2024-12-05T19:07:34.007Z

Reserved: 2023-03-02T05:38:38.812Z

Link: CVE-2023-1150

cve-icon Vulnrichment

Updated: 2024-08-02T05:40:57.941Z

cve-icon NVD

Status : Modified

Published: 2023-06-26T07:15:08.877

Modified: 2024-11-21T07:38:33.400

Link: CVE-2023-1150

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses