VDE-2023-044

Vulnerability from csaf_wagogmbhcokg - Published: 2023-12-05 07:00 - Updated: 2023-12-05 07:00
Summary
Wago: Vulnerabilities in IEC61850 Server / Telecontrol
Notes
Summary: The Library WagoAppRTU which is part of the Wago Telecontrol Configurator is prone to improper input validation. By sending specifically crafted MMS packets an attacker can trigger a denial-of-service condition.
Impact: Affected devices will stop working after receiving specifically crafted packets until restart.
Mitigation: Restrict network access to the device. Do not directly connect the device to the internet.
Remediation: A fix for WAGO Telecontrol Configurator is contained within the IEC-library WagoAppRTU 1.4.6.0 and available via Wago support. (A new release is planned for the end of the year.)
CVE-2023-5188

The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
Mitigation Restrict network access to the device. Do not directly connect the device to the internet.
Vendor Fix A fix for WAGO Telecontrol Configurator is contained within the IEC-library WagoAppRTU 1.4.6.0 and available via Wago support. (A new release is planned for the end of the year.)
References
Acknowledgments
CERT@VDE certvde.com
Sofia Pisani
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "organization": "Sofia Pisani",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The Library WagoAppRTU which is part of the Wago Telecontrol Configurator is prone to improper input validation. By sending specifically crafted MMS packets an attacker can trigger a denial-of-service condition.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Affected devices will stop working after receiving specifically crafted packets until restart.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Restrict network access to the device.\nDo not directly connect the device to the internet.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "A fix for WAGO Telecontrol Configurator is contained within the IEC-library WagoAppRTU 1.4.6.0 and available via\u00a0Wago support. (A new release is planned for the end of the year.)",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2023-044: Wago: Vulnerabilities in IEC61850 Server / Telecontrol - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2023-044/"
      },
      {
        "category": "self",
        "summary": "VDE-2023-044: Wago: Vulnerabilities in IEC61850 Server / Telecontrol - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-044.json"
      },
      {
        "category": "external",
        "summary": "WAGO PSIRT",
        "url": "https://www.wago.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      }
    ],
    "title": "Wago: Vulnerabilities in IEC61850 Server / Telecontrol",
    "tracking": {
      "aliases": [
        "VDE-2023-044"
      ],
      "current_release_date": "2023-12-05T07:00:00.000Z",
      "generator": {
        "date": "2025-05-05T11:29:56.760Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "VDE-2023-044",
      "initial_release_date": "2023-12-05T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-12-05T07:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "Telecontrol Configurator vers:all/*",
                      "product_id": "CSAFPID-51001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Telecontrol Configurator"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.4.6.0",
                    "product": {
                      "name": "WagoAppRTU \u003c 1.4.6.0",
                      "product_id": "CSAFPID-51002"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.4.6.0",
                    "product": {
                      "name": "WagoAppRTU 1.4.6.0",
                      "product_id": "CSAFPID-52001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "WagoAppRTU"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Wago"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ],
        "summary": "Affected products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-5188",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Restrict network access to the device.\nDo not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "A fix for WAGO Telecontrol Configurator is contained within the IEC-library WagoAppRTU 1.4.6.0 and available via\u00a0Wago support. (A new release is planned for the end of the year.)",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "title": "CVE-2023-5188"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.