Vulnerabilites related to wago - 750-363_firmware
Vulnerability from fkie_nvd
Published
2021-08-31 11:15
Modified
2024-11-21 06:10
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en-us/advisories/vde-2020-044 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en-us/advisories/vde-2020-044 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wago | 750-890\/040-000_firmware | * | |
| wago | 750-890\/040-000 | - | |
| wago | 750-890\/025-001_firmware | * | |
| wago | 750-890\/025-001 | - | |
| wago | 750-890\/025-002_firmware | * | |
| wago | 750-890\/025-002 | - | |
| wago | 750-890\/025-000_firmware | * | |
| wago | 750-890\/025-000 | - | |
| wago | 750-832\/000-002_firmware | * | |
| wago | 750-832\/000-002 | - | |
| wago | 750-362_firmware | * | |
| wago | 750-362 | - | |
| wago | 750-823_firmware | * | |
| wago | 750-823 | - | |
| wago | 750-832_firmware | * | |
| wago | 750-832 | - | |
| wago | 750-363_firmware | * | |
| wago | 750-363 | - | |
| wago | 750-862_firmware | * | |
| wago | 750-862 | - | |
| wago | 750-891_firmware | * | |
| wago | 750-891 | - | |
| wago | 750-893_firmware | * | |
| wago | 750-893 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-890\\/040-000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A2236BD-E06A-400E-9211-AA2C49E72D55",
"versionEndIncluding": "fw07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-890\\/040-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7862FE67-A0D9-4E4D-B7BD-EB70CF0260A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-890\\/025-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "274284C1-1A85-455B-8769-B89A3A791B11",
"versionEndIncluding": "fw07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-890\\/025-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2C91AA-9BD8-4856-B9AB-8E6CEAF8C8EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-890\\/025-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98C61B3D-E690-422E-87CB-C57576D28BB7",
"versionEndIncluding": "fw07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-890\\/025-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EB6B55-D27F-4939-832A-A391F6A3E89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-890\\/025-000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C8E5F8B-B3CD-42DF-8189-11949D6EAA39",
"versionEndIncluding": "fw07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-890\\/025-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA0B4137-C73C-47D0-8489-CA0EF41ED9A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-832\\/000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB48D0AC-BB0D-4808-881D-F42A241B9330",
"versionEndIncluding": "fw07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-832\\/000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F21D094-AE7C-4501-83F1-0884CB549F3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-362_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23FE888E-4932-4ADE-A9B9-8E23F481EDF3",
"versionEndIncluding": "fw07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-362:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6330A839-FAE3-43EB-B1AA-BA6844D9906D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCE00E32-0C93-47A2-9F61-7859F72ABAED",
"versionEndIncluding": "fw07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB88572A-CB05-4B52-8BFC-05EFDC819244",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0D0957-0371-4FB2-A5B0-FE9F1FA4000A",
"versionEndIncluding": "fw07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13D1FA8D-C8BA-4D1C-8372-DECD40177631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-363_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCF9DCE-95D3-4F82-A24F-3217553E754A",
"versionEndIncluding": "fw07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-363:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54E13E9C-226E-4BD6-8F0C-3061092E892A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63A9D182-2CF5-4137-AACF-36B760B18A20",
"versionEndIncluding": "fw07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA04FBFB-9E1C-4618-9FDC-70675506D8D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3010D6-1319-4458-B4B1-C7470B3950F9",
"versionEndIncluding": "fw07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22BAABD9-A10D-4904-AA02-C37C4490B47A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-893_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D636186-A586-4A4E-ACFC-5BCB2E4F7484",
"versionEndIncluding": "fw07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4795D0-B90B-4643-8713-88D89172D1A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a un atacante que tenga acceso al WBM leer y escribir par\u00e1metros de configuraci\u00f3n del dispositivo mediante el env\u00edo de peticiones espec\u00edficamente construidas sin autenticaci\u00f3n en m\u00faltiples PLCs de WAGO en versiones del firmware hasta FW07"
}
],
"id": "CVE-2021-34578",
"lastModified": "2024-11-21T06:10:44.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-31T11:15:07.777",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-044"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-30 16:15
Modified
2024-11-21 04:59
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en-us/advisories/vde-2020-028 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en-us/advisories/vde-2020-028 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wago | 750-362_firmware | * | |
| wago | 750-362 | - | |
| wago | 750-363_firmware | * | |
| wago | 750-363 | - | |
| wago | 750-823_firmware | * | |
| wago | 750-823 | - | |
| wago | 750-832_firmware | * | |
| wago | 750-832 | - | |
| wago | 750-862_firmware | * | |
| wago | 750-862 | - | |
| wago | 750-891_firmware | * | |
| wago | 750-891 | - | |
| wago | 750-890_firmware | * | |
| wago | 750-890 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-362_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1972A796-844D-47A1-A9EA-37E7A548D8DC",
"versionEndIncluding": "fw03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-362:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6330A839-FAE3-43EB-B1AA-BA6844D9906D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-363_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13752AD0-7ED9-446E-99F8-153B62BEB062",
"versionEndIncluding": "fw03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-363:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54E13E9C-226E-4BD6-8F0C-3061092E892A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3507C4-737A-40F4-B595-45BB1864C5DE",
"versionEndIncluding": "fw03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB88572A-CB05-4B52-8BFC-05EFDC819244",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B5FF9F1-E281-4E15-920D-C273A5C87EC2",
"versionEndIncluding": "fw03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13D1FA8D-C8BA-4D1C-8372-DECD40177631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D58CF92D-B614-4878-8D1E-182CE7108912",
"versionEndIncluding": "fw03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA04FBFB-9E1C-4618-9FDC-70675506D8D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D36F87-6C54-4CE8-A38B-3FF525B34C47",
"versionEndIncluding": "fw03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22BAABD9-A10D-4904-AA02-C37C4490B47A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0E9003-3D94-419B-8812-48E5854DF23D",
"versionEndIncluding": "fw03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11751A8B-FCFD-433B-9065-B4FC85168A93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions."
},
{
"lang": "es",
"value": "La vulnerabilidad de autenticaci\u00f3n inadecuada en la serie WAGO 750-8XX con versi\u00f3n FW versiones anteriores e iguales a FW03 permite a un atacante cambiar la configuraci\u00f3n de los dispositivos mediante el env\u00edo de solicitudes espec\u00edficamente construidas sin autenticaci\u00f3n Este problema afecta a: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx en versiones FW03 y anteriores."
}
],
"id": "CVE-2020-12506",
"lastModified": "2024-11-21T04:59:49.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2020-09-30T16:15:12.777",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-028"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-26 07:15
Modified
2024-11-21 07:38
Severity ?
Summary
Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2023-005/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2023-005/ | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-363\\/040-000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A35B342-9D43-4D79-A350-0881F77E85F1",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-363\\/040-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A2ACE30-6FC4-4AAE-8EEF-D8F3C3CE814F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-362\\/040-000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B010D10D-608D-499F-B5E7-5D768EA95242",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-362\\/040-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05A3A21A-1E9D-458E-9385-93DD645AA04B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-362\\/000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAC91DD-6F37-441C-BA36-AD969ABAD4C0",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-362\\/000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18F9CAA7-5ED8-4ACE-BBF9-0453C1BABDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5778A709-DBFB-450A-B333-A58F69461A00",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22BAABD9-A10D-4904-AA02-C37C4490B47A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-365\\/040-010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAED5DA-800C-4442-BC88-3AC82180F1AA",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-365\\/040-010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B754A9-F107-4336-8B80-D74B4EC0A606",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-364\\/040-010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87F9FA7F-D1B8-4C5E-9981-067A2D66E015",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-364\\/040-010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2DD0E12-B916-4D5D-8407-D642A2B79998",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-362_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496AE8E5-8E5A-4D93-9D1E-F558AC67B292",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-362:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6330A839-FAE3-43EB-B1AA-BA6844D9906D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-363_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCCCC46-B213-4EC8-B8DF-BE7774C7731E",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-363:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54E13E9C-226E-4BD6-8F0C-3061092E892A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00E7270D-BA8B-482E-B15B-5F92F8646CB8",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB88572A-CB05-4B52-8BFC-05EFDC819244",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "324FC413-AC5B-41A7-891A-F1A804F8C25E",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13D1FA8D-C8BA-4D1C-8372-DECD40177631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-832\\/000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291B13B5-3895-4F06-9CB9-C81BBE4961C2",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-832\\/000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F21D094-AE7C-4501-83F1-0884CB549F3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE4410A1-EF14-47A1-91BB-30AD9340E38C",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA04FBFB-9E1C-4618-9FDC-70675506D8D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7519056-04A3-4E7A-AF71-BF459E0E6141",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11751A8B-FCFD-433B-9065-B4FC85168A93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-890\\/025-000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F67429CE-3C16-4EB8-8373-F963947FCB17",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-890\\/025-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA0B4137-C73C-47D0-8489-CA0EF41ED9A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-890\\/025-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D88C6F15-0379-47C4-ADB4-9CB7661AD044",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-890\\/025-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2C91AA-9BD8-4856-B9AB-8E6CEAF8C8EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-890\\/025-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C70D5A-7780-40B4-B3A9-79964324E32C",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-890\\/025-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EB6B55-D27F-4939-832A-A391F6A3E89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-890\\/040-000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26E6806C-0EEF-4772-A64D-1C2124518991",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-890\\/040-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7862FE67-A0D9-4E4D-B7BD-EB70CF0260A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-893_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94C15A80-4AB7-46A8-8ADC-A57A07F4CFA4",
"versionEndExcluding": "fw11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4795D0-B90B-4643-8713-88D89172D1A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets."
}
],
"id": "CVE-2023-1150",
"lastModified": "2024-11-21T07:38:33.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Primary"
}
]
},
"published": "2023-06-26T07:15:08.877",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-005/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
cve-2023-1150
Vulnerability from cvelistv5
Published
2023-06-26 06:19
Modified
2024-12-05 19:07
Severity ?
EPSS score ?
Summary
Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | WAGO | 750-332 |
Version: 0 ≤ FW10 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:57.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T19:06:44.632463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T19:07:34.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "750-332",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-362/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-363/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-364/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-365/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-823",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-832/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-862",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-890/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-891",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-893",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Roman Ezhov from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets."
}
],
"value": "Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:26:51.589Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-005/"
}
],
"source": {
"advisory": "VDE-2023-005",
"defect": [
"CERT@VDE#64392"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Series 750-3x/-8x prone to MODBUS server DoS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1150",
"datePublished": "2023-06-26T06:19:53.942Z",
"dateReserved": "2023-03-02T05:38:38.812Z",
"dateUpdated": "2024-12-05T19:07:34.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12506
Vulnerability from cvelistv5
Published
2020-09-30 15:43
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert.vde.com/en-us/advisories/vde-2020-028 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "750-362",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-363",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-823",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-832/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-862",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-891",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-890/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO."
},
{
"lang": "en",
"value": "coordinated by CERT@VDE"
}
],
"datePublic": "2020-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T11:22:01",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-028"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade devices to the latest standard firmware (\u003e FW03)."
}
],
"source": {
"advisory": "vde-2020-028",
"defect": [
"vde-2020-028"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions \u003c= FW03",
"workarounds": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-09-29T22:00:00.000Z",
"ID": "CVE-2020-12506",
"STATE": "PUBLIC",
"TITLE": "WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions \u003c= FW03"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "750-362",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-363",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-823",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-832/xxx-xxx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-862",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-891",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-890/xxx-xxx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO."
},
{
"lang": "eng",
"value": "coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-028",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-028"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade devices to the latest standard firmware (\u003e FW03)."
}
],
"source": {
"advisory": "vde-2020-028",
"defect": [
"vde-2020-028"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12506",
"datePublished": "2020-09-30T15:43:20.405315Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-17T00:06:46.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34578
Vulnerability from cvelistv5
Published
2021-08-31 10:33
Modified
2024-09-16 18:33
Severity ?
EPSS score ?
Summary
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert.vde.com/en-us/advisories/vde-2020-044 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PLC",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-362",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-363",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-823",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-832/xxx-xxx",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-862",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-891",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-890/xxx-xxx",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-893",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO. CERT@VDE coordinated."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T10:33:01",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-044"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the device to the latest FW version."
}
],
"source": {
"advisory": "VDE-2020-044",
"discovery": "EXTERNAL"
},
"title": "WAGO: Authentication Vulnerability in Web-Based Management",
"workarounds": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T07:00:00.000Z",
"ID": "CVE-2021-34578",
"STATE": "PUBLIC",
"TITLE": "WAGO: Authentication Vulnerability in Web-Based Management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PLC",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "750-362",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-363",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-823",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-832/xxx-xxx",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-862",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-891",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-890/xxx-xxx",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-893",
"version_value": "FW07"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-044",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-044"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the device to the latest FW version."
}
],
"source": {
"advisory": "VDE-2020-044",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34578",
"datePublished": "2021-08-31T10:33:01.868564Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T18:33:25.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}