CVE-2021-34568: CWE-770 Allocation of Resources Without Limits or Throttling in WAGO 750-81xx/xxx-xxxFW
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.
AI Analysis
Technical Summary
CVE-2021-34568 is a high-severity vulnerability affecting WAGO's 750-81xx/xxx-xxxFW series, specifically within the WAGO I/O-Check Service. This vulnerability is classified under CWE-770, which involves the allocation of resources without limits or throttling. The flaw allows an unauthenticated remote attacker to send specially crafted packets containing operating system commands to the affected device. These packets exploit the lack of resource allocation controls, leading to a denial of service (DoS) condition. The vulnerability does not impact confidentiality or integrity directly but severely affects availability by exhausting system resources or causing the device to become unresponsive. The CVSS 3.1 base score is 7.5, reflecting its network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), and high impact on availability (A:H). The affected firmware version is FW1, and no patches or known exploits in the wild have been reported as of the publication date. The vulnerability is significant because WAGO 750-81xx/xxx-xxxFW devices are industrial controllers commonly used in automation and control systems, where availability is critical. An attacker exploiting this vulnerability could disrupt industrial processes by causing device outages or failures, potentially leading to operational downtime or safety risks. The lack of authentication requirement and the ability to trigger the DoS remotely increase the attack surface and risk profile for organizations using these devices.
Potential Impact
For European organizations, particularly those in industrial automation, manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a substantial risk. WAGO controllers are widely deployed in European industrial environments due to the company's German origin and strong presence in the European automation market. A successful DoS attack could halt production lines, disrupt energy distribution, or impair building automation systems, leading to financial losses, safety hazards, and regulatory compliance issues. The unavailability of these controllers could also affect supply chains and critical services, amplifying the impact beyond the immediate target. Given the vulnerability requires no authentication and can be exploited remotely, attackers could leverage this flaw to cause widespread disruption without needing insider access. Although no known exploits are reported, the simplicity of the attack vector and the critical role of these devices in industrial control systems make this a high-priority threat for European organizations relying on WAGO hardware.
Mitigation Recommendations
1. Network Segmentation: Isolate WAGO 750-81xx/xxx-xxxFW devices on dedicated network segments with strict access controls to limit exposure to untrusted networks. 2. Access Control Lists (ACLs): Implement ACLs on network devices to restrict traffic to and from the WAGO devices, allowing only trusted management stations or control systems to communicate with them. 3. Intrusion Detection and Prevention: Deploy IDS/IPS solutions with signatures or anomaly detection tuned to identify and block malformed packets targeting the I/O-Check Service. 4. Monitoring and Logging: Enable detailed logging on network devices and WAGO controllers to detect unusual traffic patterns or repeated connection attempts that may indicate exploitation attempts. 5. Firmware Updates: Although no patches are currently listed, maintain close contact with WAGO for firmware updates or advisories and apply patches promptly once available. 6. Incident Response Planning: Develop and test incident response procedures specific to industrial control system DoS scenarios to minimize downtime and coordinate rapid recovery. 7. Vendor Engagement: Engage with WAGO support to confirm device configurations that may mitigate the vulnerability, such as disabling unused services or applying recommended hardening guidelines. 8. Physical Security: Ensure physical security controls prevent unauthorized access to devices, reducing the risk of local exploitation or configuration tampering.
Affected Countries
Germany, France, Italy, Netherlands, Belgium, Sweden, Poland, Spain, Czech Republic, Austria
CVE-2021-34568: CWE-770 Allocation of Resources Without Limits or Throttling in WAGO 750-81xx/xxx-xxxFW
Description
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.
AI-Powered Analysis
Technical Analysis
CVE-2021-34568 is a high-severity vulnerability affecting WAGO's 750-81xx/xxx-xxxFW series, specifically within the WAGO I/O-Check Service. This vulnerability is classified under CWE-770, which involves the allocation of resources without limits or throttling. The flaw allows an unauthenticated remote attacker to send specially crafted packets containing operating system commands to the affected device. These packets exploit the lack of resource allocation controls, leading to a denial of service (DoS) condition. The vulnerability does not impact confidentiality or integrity directly but severely affects availability by exhausting system resources or causing the device to become unresponsive. The CVSS 3.1 base score is 7.5, reflecting its network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), and high impact on availability (A:H). The affected firmware version is FW1, and no patches or known exploits in the wild have been reported as of the publication date. The vulnerability is significant because WAGO 750-81xx/xxx-xxxFW devices are industrial controllers commonly used in automation and control systems, where availability is critical. An attacker exploiting this vulnerability could disrupt industrial processes by causing device outages or failures, potentially leading to operational downtime or safety risks. The lack of authentication requirement and the ability to trigger the DoS remotely increase the attack surface and risk profile for organizations using these devices.
Potential Impact
For European organizations, particularly those in industrial automation, manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a substantial risk. WAGO controllers are widely deployed in European industrial environments due to the company's German origin and strong presence in the European automation market. A successful DoS attack could halt production lines, disrupt energy distribution, or impair building automation systems, leading to financial losses, safety hazards, and regulatory compliance issues. The unavailability of these controllers could also affect supply chains and critical services, amplifying the impact beyond the immediate target. Given the vulnerability requires no authentication and can be exploited remotely, attackers could leverage this flaw to cause widespread disruption without needing insider access. Although no known exploits are reported, the simplicity of the attack vector and the critical role of these devices in industrial control systems make this a high-priority threat for European organizations relying on WAGO hardware.
Mitigation Recommendations
1. Network Segmentation: Isolate WAGO 750-81xx/xxx-xxxFW devices on dedicated network segments with strict access controls to limit exposure to untrusted networks. 2. Access Control Lists (ACLs): Implement ACLs on network devices to restrict traffic to and from the WAGO devices, allowing only trusted management stations or control systems to communicate with them. 3. Intrusion Detection and Prevention: Deploy IDS/IPS solutions with signatures or anomaly detection tuned to identify and block malformed packets targeting the I/O-Check Service. 4. Monitoring and Logging: Enable detailed logging on network devices and WAGO controllers to detect unusual traffic patterns or repeated connection attempts that may indicate exploitation attempts. 5. Firmware Updates: Although no patches are currently listed, maintain close contact with WAGO for firmware updates or advisories and apply patches promptly once available. 6. Incident Response Planning: Develop and test incident response procedures specific to industrial control system DoS scenarios to minimize downtime and coordinate rapid recovery. 7. Vendor Engagement: Engage with WAGO support to confirm device configurations that may mitigate the vulnerability, such as disabling unused services or applying recommended hardening guidelines. 8. Physical Security: Ensure physical security controls prevent unauthorized access to devices, reducing the risk of local exploitation or configuration tampering.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- CERTVDE
- Date Reserved
- 2021-06-10T19:19:08.023Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9839c4522896dcbecc81
Added to database: 5/21/2025, 9:09:13 AM
Last enriched: 6/25/2025, 6:56:54 PM
Last updated: 7/26/2025, 11:05:55 PM
Views: 13
Related Threats
CVE-2025-26398: CWE-798 Use of Hard-coded Credentials in SolarWinds Database Performance Analyzer
MediumCVE-2025-41686: CWE-306 Missing Authentication for Critical Function in Phoenix Contact DaUM
HighCVE-2025-8874: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in litonice13 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
MediumCVE-2025-8767: CWE-1236 Improper Neutralization of Formula Elements in a CSV File in anwppro AnWP Football Leagues
MediumCVE-2025-8482: CWE-862 Missing Authorization in 10up Simple Local Avatars
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.