Resource exhaustion in Wago 750-331/xxx-xxx

CVE-2020-12516

Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.

Vulnerability class: DoS (Denial of Service)

EPSS: 0.004 (59.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Wago 750-331/xxx-xxx — versions FW1<=FW10
Wago 750-352 — versions FW1<=FW10
Wago 750-829 — versions FW1<=FW10
Wago 750-831/xxx-xxx — versions FW1<=FW10
Wago 750-852 — versions FW1<=FW10
Wago 750-880/xxx-xxx — versions FW1<=FW10
Wago 750-881 — versions FW1<=FW10
Wago 750-882 — versions FW1<=FW10
Wago 750-885 — versions FW1<=FW10
Wago 750-889 — versions FW1<=FW10

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2020-12516

References

us-cert.cisa.gov/ics/advisories/icsa-20-308-01 (x_refsource_MISC)
cert.vde.com/en-us/advisories/vde-2020-042 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-12516?: CVE-2020-12516 is a high-severity vulnerability in Wago 750-331/xxx-xxx, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2020-12-10.
How severe is CVE-2020-12516?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2020-12516 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.