nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_WAGO_CVE-2018-8836.NASL
HistoryMar 29, 2023 - 12:00 a.m.

WAGO 750 Series Improper Resource Shutdown or Release (CVE-2018-8836)

2023-03-2900:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
wago 750 series
improper resource shutdown
remote attack
tcp connection
codesys management software
denial-of-service
tenable.ot
scanner
firmware version 10

0.003 Low

EPSS

Percentile

69.2%

Wago 750 Series PLCs with firmware version 10 and prior are affected by a flaw in which a remote attack may take advantage of an improper implementation of the 3-way handshake during a TCP connection, affecting communications with commissioning and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

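# Plugin registration. This branch runs only when `description` is set, i.e.
# when plugin metadata is being collected; the exit(0) at the end stops the
# detection code further down from running in that mode.
if (description)
{
  script_id(500926);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2018-8836");

  script_name(english:"WAGO 750 Series Improper Resource Shutdown or Release (CVE-2018-8836)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Wago 750 Series PLCs with firmware version 10 and prior include a
remote attack may take advantage of an improper implementation of the
3 way handshake during a TCP connection affecting the communications
with commission and service tools. Specially crafted packets may also
be sent to Port 2455/TCP/IP, used in Codesys management software,
which may result in a denial-of-service condition of communications
with commissioning and service tools.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/103726");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-18-088-01");
  # https://www.wago.com/medias/Vulnerability-in-the-WAGO-Ethernet-TCP-IP-driver.pdf?context=bWFzdGVyfHJvb3R8MjgxNDk0fGFwcGxpY2F0aW9uL3BkZnxoOTcvaDhkLzkxNTAyMjMyMjA3NjYucGRmfGRlNWQ4ODc0NTE5M2UyNTUwNTIyNDRlOWFkNWI2YjNkMzg0YTVhYzlmYTBjNzM4MDdmNmYzOTM5M2ZlMGEzNzE
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?176ef0d0");

  # Remediation text shown to the operator. Besides the firmware update it names
  # two compensating controls: disabling WAGO Service Communication via WBM, or
  # restricting Ports 6626 and 2455/TCP/IP to trusted devices.
  # NOTE(review): the contact address appears here only as the literal
  # "[email protected]", which looks like an e-mail obfuscation artefact;
  # restore the real address from the CISA advisory referenced above.
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

WAGO has released new firmware addressing this vulnerability that can be obtained by contacting WAGO support via email
at [email protected].

If updating the firmware is not feasible WAGO recommends that users disable the WAGO Service Communication via WBM or
limit the access to Ports 6626 and 2455/TCP/IP to trusted devices.

For more information see WAGO's security advisory:Vulnerability-in-the-WAGO-Ethernet-TCP-IP-driver.pdf");

  # Both base vectors describe a network-reachable issue that needs no
  # authentication or privileges and affects availability only (A:P / A:L).
  # The temporal vectors carry E:U, in line with the exploitability_ease text below.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8836");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(404);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/29");

  script_set_attribute(attribute:"plugin_type", value:"remote");

  # Advertised CPEs. These are the same eight firmware CPEs that the vuln_cpes
  # table in the detection part of this script matches against; keep both in step.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-829_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-831_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-852_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-880_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-881_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-882_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-885_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-889_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling constraints: tenable_ot_api_integration.nasl is declared as a
  # dependency, and the plugin requires the KB key "Tenable.ot/Wago".
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Wago");

  exit(0);
}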


include('tenable_ot_cve_funcs.inc');

# Detection part. Nothing in this script opens a connection to the device or
# sends traffic to Port 2455; it hands an asset record and a CPE table to the
# helpers from tenable_ot_cve_funcs.inc.
# NOTE(review): presumably the helper compares the firmware version recorded
# for the asset, so a controller protected only by the compensating controls
# (service communication disabled, Ports 6626/2455 filtered) would still be
# reported - confirm against compare_and_report.

# Stop here unless the KB holds the Wago key.
get_kb_item_or_exit('Tenable.ot/Wago');

# Asset record for vendor 'Wago' as returned by the Tenable.ot helper.
var wago_asset = tenable_ot::assets::get(vendor:'Wago');

# Affected firmware CPEs. Every entry is bounded by versionEndIncluding "10",
# matching the "firmware version 10 and prior" wording of the description.
# NOTE(review): 750-829 is the only model mapped to family "ControllerPFC200";
# the other seven use "Controller750". Confirm this matches how Tenable.ot
# classifies that model, otherwise the entry may never match.
var affected_cpes = {
    "cpe:/o:wago:750-880_firmware" : {"family" : "Controller750", "versionEndIncluding" : "10"},
    "cpe:/o:wago:750-881_firmware" : {"family" : "Controller750", "versionEndIncluding" : "10"},
    "cpe:/o:wago:750-852_firmware" : {"family" : "Controller750", "versionEndIncluding" : "10"},
    "cpe:/o:wago:750-882_firmware" : {"family" : "Controller750", "versionEndIncluding" : "10"},
    "cpe:/o:wago:750-885_firmware" : {"family" : "Controller750", "versionEndIncluding" : "10"},
    "cpe:/o:wago:750-831_firmware" : {"family" : "Controller750", "versionEndIncluding" : "10"},
    "cpe:/o:wago:750-889_firmware" : {"family" : "Controller750", "versionEndIncluding" : "10"},
    "cpe:/o:wago:750-829_firmware" : {"family" : "ControllerPFC200", "versionEndIncluding" : "10"}
};

# Reported at SECURITY_WARNING severity.
tenable_ot::cve::compare_and_report(
    cpes:affected_cpes,
    asset:wago_asset,
    severity:SECURITY_WARNING
);
Vendor | Product | Version | CPE
wago | 750-829_firmware | | cpe:/o:wago:750-829_firmware
wago | 750-831_firmware | | cpe:/o:wago:750-831_firmware
wago | 750-852_firmware | | cpe:/o:wago:750-852_firmware
wago | 750-880_firmware | | cpe:/o:wago:750-880_firmware
wago | 750-881_firmware | | cpe:/o:wago:750-881_firmware
wago | 750-882_firmware | | cpe:/o:wago:750-882_firmware
wago | 750-885_firmware | | cpe:/o:wago:750-885_firmware
wago | 750-889_firmware | | cpe:/o:wago:750-889_firmware

0.003 Low

EPSS

Percentile

69.2%
