Skip to main content

CVE-2021-34568: CWE-770 Allocation of Resources Without Limits or Throttling in WAGO 750-81xx/xxx-xxxFW

High
VulnerabilityCVE-2021-34568cvecve-2021-34568cwe-770
Published: Wed Nov 09 2022 (11/09/2022, 15:17:29 UTC)
Source: CVE
Vendor/Project: WAGO
Product: 750-81xx/xxx-xxxFW

Description

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.

AI-Powered Analysis

AILast updated: 06/25/2025, 18:56:54 UTC

Technical Analysis

CVE-2021-34568 is a high-severity vulnerability affecting WAGO's 750-81xx/xxx-xxxFW series, specifically within the WAGO I/O-Check Service. This vulnerability is classified under CWE-770, which involves the allocation of resources without limits or throttling. The flaw allows an unauthenticated remote attacker to send specially crafted packets containing operating system commands to the affected device. These packets exploit the lack of resource allocation controls, leading to a denial of service (DoS) condition. The vulnerability does not impact confidentiality or integrity directly but severely affects availability by exhausting system resources or causing the device to become unresponsive. The CVSS 3.1 base score is 7.5, reflecting its network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), and high impact on availability (A:H). The affected firmware version is FW1, and no patches or known exploits in the wild have been reported as of the publication date. The vulnerability is significant because WAGO 750-81xx/xxx-xxxFW devices are industrial controllers commonly used in automation and control systems, where availability is critical. An attacker exploiting this vulnerability could disrupt industrial processes by causing device outages or failures, potentially leading to operational downtime or safety risks. The lack of authentication requirement and the ability to trigger the DoS remotely increase the attack surface and risk profile for organizations using these devices.

Potential Impact

For European organizations, particularly those in industrial automation, manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a substantial risk. WAGO controllers are widely deployed in European industrial environments due to the company's German origin and strong presence in the European automation market. A successful DoS attack could halt production lines, disrupt energy distribution, or impair building automation systems, leading to financial losses, safety hazards, and regulatory compliance issues. The unavailability of these controllers could also affect supply chains and critical services, amplifying the impact beyond the immediate target. Given the vulnerability requires no authentication and can be exploited remotely, attackers could leverage this flaw to cause widespread disruption without needing insider access. Although no known exploits are reported, the simplicity of the attack vector and the critical role of these devices in industrial control systems make this a high-priority threat for European organizations relying on WAGO hardware.

Mitigation Recommendations

1. Network Segmentation: Isolate WAGO 750-81xx/xxx-xxxFW devices on dedicated network segments with strict access controls to limit exposure to untrusted networks. 2. Access Control Lists (ACLs): Implement ACLs on network devices to restrict traffic to and from the WAGO devices, allowing only trusted management stations or control systems to communicate with them. 3. Intrusion Detection and Prevention: Deploy IDS/IPS solutions with signatures or anomaly detection tuned to identify and block malformed packets targeting the I/O-Check Service. 4. Monitoring and Logging: Enable detailed logging on network devices and WAGO controllers to detect unusual traffic patterns or repeated connection attempts that may indicate exploitation attempts. 5. Firmware Updates: Although no patches are currently listed, maintain close contact with WAGO for firmware updates or advisories and apply patches promptly once available. 6. Incident Response Planning: Develop and test incident response procedures specific to industrial control system DoS scenarios to minimize downtime and coordinate rapid recovery. 7. Vendor Engagement: Engage with WAGO support to confirm device configurations that may mitigate the vulnerability, such as disabling unused services or applying recommended hardening guidelines. 8. Physical Security: Ensure physical security controls prevent unauthorized access to devices, reducing the risk of local exploitation or configuration tampering.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
CERTVDE
Date Reserved
2021-06-10T19:19:08.023Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d9839c4522896dcbecc81

Added to database: 5/21/2025, 9:09:13 AM

Last enriched: 6/25/2025, 6:56:54 PM

Last updated: 7/26/2025, 11:05:55 PM

Views: 13

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats