Remote Denial of Service Vulnerability in Vendor's Controller
CVE-2018-25108

7.5HIGH

Key Information:

Vendor: Wago
Status: 750-8100 (controller Pfc100); 750-831 (controller Bacnet/ip); 750-880 (controller Eth); 750-889 (controller Knx Ip)
Vendor: CVE Published:; 16 January 2025

Summary

A remote attacker can exploit this vulnerability by sending specially crafted requests to the controller, leading to uncontrolled resource consumption. This condition results in a denial of service, impacting the availability of the controller service and potentially disrupting operations for users.

Affected Version(s)

750-8100 (Controller PFC100) 0 <= 02.05.23(08)

750-831 (Controller BACnet/IP) 0 <= 01.02.29(09)

750-880 (Controller ETH) 0 <= 01.07.03(10)

References

https://cert.vde.com/en/advisories/VDE-2018-013

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 15, 2025

Credit

Matthias Niedermaier (Hochschule Augsburg)

Jan-Ole Malchow (Freie Universität Berlin)

Florian Fischer (Hochschule Augsburg)