CVE-2018-8836

Name of the Vulnerable Software and Affected Versions Wago 750 Series PLCs versions 10 and prior

Description The issue is related to an improper implementation of the 3-way handshake during a TCP connection, affecting communications with commission and service tools. An attacker may send specially crafted packets to Port 2455/TCP/IP, which is used in Codesys management software, potentially resulting in a denial-of-service condition of communications with commissioning and service tools.

Recommendations For Wago 750 Series PLCs versions 10 and prior, consider restricting access to Port 2455/TCP/IP as a temporary workaround to minimize the risk of exploitation. Additionally, avoid using the affected Codesys management software until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.