{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T14:20:09.926","vulnerabilities":[{"cve":{"id":"CVE-2018-8836","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2018-04-03T13:29:00.277","lastModified":"2024-11-21T04:14:25.160","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools."},{"lang":"es","value":"Los PLC Wago 750 Series, con versiones de firmware 10 y anteriores, incluyen un ataque remoto que podría aprovecharse de una implementación incorrecta de la negociación a tres bandas durante una conexión TCP, lo que afecta a las comunicaciones con las herramientas de comisión y servicio. Los paquetes especialmente manipulados también podrían enviarse al puerto 2455/TCP/IP, empleado en el software de gestión Codesys, lo que podría resultar en una condición de denegación de servicio de las comunicaciones con las herramientas de comisión y servicio."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-404"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-404"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10","matchCriteriaId":"D443B788-5E7F-4B07-ADCE-7B4A5F3D2CE6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*","matchCriteriaId":"CFEAC4D9-15CF-44B8-844D-C012AA4637A2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10","matchCriteriaId":"015AA9DF-8769-4053-984B-BFD884A80699"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*","matchCriteriaId":"6FE51647-62C1-4D3C-91FA-13ACA6CD71D2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10","matchCriteriaId":"4807A1D3-0154-4CA6-AAAC-DC4A0CCA2A96"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*","matchCriteriaId":"9D6739E1-EF0B-48EE-90FC-5708756FC362"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10","matchCriteriaId":"2FC244EF-D2FC-4C1C-AB48-690F5F48CBC8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*","matchCriteriaId":"B1379D65-F376-4618-B708-5E59D64C8033"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10","matchCriteriaId":"51C795D3-6E76-4BDD-BE14-F81D2E2A90EC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*","matchCriteriaId":"7712F56E-AEBA-4DE0-9172-26F3D29B369B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10","matchCriteriaId":"D018BF5D-8BEA-4A4C-AA10-2CE7F11100BA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*","matchCriteriaId":"F0631884-FF6F-4AA9-9D76-CDECB5A738FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10","matchCriteriaId":"442AF102-0892-4715-B23B-9343AC81F7C1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*","matchCriteriaId":"57919AAB-2962-4543-810A-C143300351F8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10","matchCriteriaId":"08EE2328-5393-41AF-B27B-2666854A4274"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*","matchCriteriaId":"F88F6E08-2D1B-4B34-B8DB-40292C0BBEB2"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/103726","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-088-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.wago.com/medias/Vulnerability-in-the-WAGO-Ethernet-TCP-IP-driver.pdf?context=bWFzdGVyfHJvb3R8MjgxNDk0fGFwcGxpY2F0aW9uL3BkZnxoOTcvaDhkLzkxNTAyMjMyMjA3NjYucGRmfGRlNWQ4ODc0NTE5M2UyNTUwNTIyNDRlOWFkNWI2YjNkMzg0YTVhYzlmYTBjNzM4MDdmNmYzOTM5M2ZlMGEzNzE","source":"ics-cert@hq.dhs.gov","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/103726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-088-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.wago.com/medias/Vulnerability-in-the-WAGO-Ethernet-TCP-IP-driver.pdf?context=bWFzdGVyfHJvb3R8MjgxNDk0fGFwcGxpY2F0aW9uL3BkZnxoOTcvaDhkLzkxNTAyMjMyMjA3NjYucGRmfGRlNWQ4ODc0NTE5M2UyNTUwNTIyNDRlOWFkNWI2YjNkMzg0YTVhYzlmYTBjNzM4MDdmNmYzOTM5M2ZlMGEzNzE","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}