Vulnerabilites related to wago - 750-849
Vulnerability from fkie_nvd
Published
2017-08-22 18:29
Modified
2024-11-21 02:35
Severity ?
Summary
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html | Exploit, Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | http://seclists.org/fulldisclosure/2016/Mar/4 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/84138 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2016/Mar/4 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/84138 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wago | 750-849_firmware | 01.01.27 | |
| wago | 750-849_firmware | 01.02.05 | |
| wago | 750-849 | - | |
| wago | 750-881_firmware | 01.01.27 | |
| wago | 750-881_firmware | 01.02.05 | |
| wago | 750-881 | - | |
| wago | 758-870_firmware | 01.01.27 | |
| wago | 758-870_firmware | 01.02.05 | |
| wago | 758-870 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-849_firmware:01.01.27:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFA37F5-4A26-4590-BCC5-4FAE55FE7D3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:wago:750-849_firmware:01.02.05:*:*:*:*:*:*:*",
"matchCriteriaId": "A311D5FA-24F5-4BC6-9F66-3FA5E804BE4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-849:-:*:*:*:*:*:*:*",
"matchCriteriaId": "408CF00F-D4F8-493C-B3F8-889E63E8EE9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-881_firmware:01.01.27:*:*:*:*:*:*:*",
"matchCriteriaId": "826896CE-D379-4D02-891B-1323ECBF49FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:wago:750-881_firmware:01.02.05:*:*:*:*:*:*:*",
"matchCriteriaId": "072F7993-F0AE-4A99-B04C-98BD09949F41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE51647-62C1-4D3C-91FA-13ACA6CD71D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:758-870_firmware:01.01.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA0F552-D624-4B6C-B09D-0E7BD948356A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:wago:758-870_firmware:01.02.05:*:*:*:*:*:*:*",
"matchCriteriaId": "0A993A3C-784A-4E0E-AD96-C0D46B63AFD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:758-870:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF59E5C-927A-4499-82C3-49E047C39B9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management."
},
{
"lang": "es",
"value": "WAGO IO 750-849 01.01.27 y 01.02.05, WAGO IO 750-881, y WAGO IO 758-870 tienen una gesti\u00f3n de credenciales d\u00e9bil."
}
],
"id": "CVE-2015-6472",
"lastModified": "2024-11-21T02:35:02.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-22T18:29:00.233",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84138"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-22 18:29
Modified
2024-11-21 02:35
Severity ?
Summary
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html | Exploit, Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | http://seclists.org/fulldisclosure/2016/Mar/4 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/84138 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2016/Mar/4 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/84138 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wago | 750-849_firmware | 01.01.27 | |
| wago | 750-849 | - | |
| wago | 758-870_firmware | 01.01.27 | |
| wago | 758-870_firmware | 01.02.05 | |
| wago | 758-870 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-849_firmware:01.01.27:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFA37F5-4A26-4590-BCC5-4FAE55FE7D3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-849:-:*:*:*:*:*:*:*",
"matchCriteriaId": "408CF00F-D4F8-493C-B3F8-889E63E8EE9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:758-870_firmware:01.01.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA0F552-D624-4B6C-B09D-0E7BD948356A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:wago:758-870_firmware:01.02.05:*:*:*:*:*:*:*",
"matchCriteriaId": "0A993A3C-784A-4E0E-AD96-C0D46B63AFD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:758-870:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF59E5C-927A-4499-82C3-49E047C39B9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation."
},
{
"lang": "es",
"value": "WAGO IO 750-849 01.01.27 y WAGO IO 750-881 01.02.05 no contienen separaci\u00f3n de privilegios."
}
],
"id": "CVE-2015-6473",
"lastModified": "2024-11-21T02:35:02.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-22T18:29:00.263",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84138"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-07 22:29
Modified
2024-11-21 04:19
Severity ?
Summary
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wago | 750-830_firmware | * | |
| wago | 750-830 | - | |
| wago | 750-849_firmware | * | |
| wago | 750-849 | - | |
| wago | 750-871_firmware | * | |
| wago | 750-871 | - | |
| wago | 750-872_firmware | * | |
| wago | 750-872 | - | |
| wago | 750-873_firmware | * | |
| wago | 750-873 | - | |
| wago | 750-330_firmware | * | |
| wago | 750-330 | - | |
| wago | 750-352_firmware | * | |
| wago | 750-352 | - | |
| wago | 750-829_firmware | * | |
| wago | 750-829 | - | |
| wago | 750-831_firmware | * | |
| wago | 750-831 | - | |
| wago | 750-852_firmware | * | |
| wago | 750-852 | - | |
| wago | 750-880_firmware | * | |
| wago | 750-880 | - | |
| wago | 750-881_firmware | * | |
| wago | 750-881 | - | |
| wago | 750-882_firmware | * | |
| wago | 750-882 | - | |
| wago | 750-884_firmware | * | |
| wago | 750-884 | - | |
| wago | 750-885_firmware | * | |
| wago | 750-885 | - | |
| wago | 750-889_firmware | * | |
| wago | 750-889 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BBF6F1C-BE8B-446F-9F88-EE663E87A837",
"versionEndExcluding": "06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "535D9B38-A7F3-47A8-9107-30BCB67AA38A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-849_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D001AA5F-B765-4B96-8FD4-1C2FF596609D",
"versionEndExcluding": "08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-849:-:*:*:*:*:*:*:*",
"matchCriteriaId": "408CF00F-D4F8-493C-B3F8-889E63E8EE9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-871_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "076BEC2A-AA3E-4916-A5E1-304EAC6802FC",
"versionEndExcluding": "11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-871:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF67808-FAD2-4504-91AB-3545AC650053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-872_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34539AFB-A7AD-4684-9AEA-C9AC0CE3E06E",
"versionEndExcluding": "07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-872:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1071B49C-C632-4E24-84AD-D7921970369A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-873_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0284154D-CD73-42B2-9866-3145DBB5EDD9",
"versionEndExcluding": "07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B31C89-B021-4390-B50F-9D4DE9E80C71",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-330_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79C49B6-7004-44BB-A74E-9349A0CB692E",
"versionEndExcluding": "14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E75CD3-9934-44E2-8B43-D7490741AA27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-352_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E001859-A338-43DA-877E-C43F57E7F9AD",
"versionEndExcluding": "14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-352:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C0865A4-6C89-4470-98E3-7E90BDF94D15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB2A6682-1879-4BA1-A253-2E0B386EC962",
"versionEndExcluding": "14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F88F6E08-2D1B-4B34-B8DB-40292C0BBEB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3631065F-27D6-4217-84EA-A8B40CC1F38F",
"versionEndExcluding": "14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0631884-FF6F-4AA9-9D76-CDECB5A738FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E940C38-F03A-4D81-9AEA-C3CAC90916E8",
"versionEndExcluding": "14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6739E1-EF0B-48EE-90FC-5708756FC362",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5974664-66D9-45BC-8977-98E3CE1D282F",
"versionEndExcluding": "14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFEAC4D9-15CF-44B8-844D-C012AA4637A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72B66D0B-53CF-4018-831A-5A67CBA51B14",
"versionEndExcluding": "14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE51647-62C1-4D3C-91FA-13ACA6CD71D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC71AA4-B3F4-40AE-8BEF-C45FECF79359",
"versionEndExcluding": "14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1379D65-F376-4618-B708-5E59D64C8033",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-884_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B52C0C64-C91C-4B4C-80A7-CF19BC7CF15B",
"versionEndExcluding": "14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-884:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13E1FF30-AA64-4EEB-8A7E-E6C118BB638E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C479541-01CF-4CA6-B35F-80D6DC756AFE",
"versionEndExcluding": "14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7712F56E-AEBA-4DE0-9172-26F3D29B369B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2B7B07-532C-4D7B-B168-A9C3700EE8DD",
"versionEndExcluding": "14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57919AAB-2962-4543-810A-C143300351F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access."
},
{
"lang": "es",
"value": "Los dispositivos Web-GUI de las series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) y 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) de WAGO disponen de acceso a servicios no documentados."
}
],
"id": "CVE-2019-10712",
"lastModified": "2024-11-21T04:19:47.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-07T22:29:00.207",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/108482"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2019-008"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/108482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2019-008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1%40%3Ccommits.cassandra.apache.org%3E"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201708-0126
Vulnerability from variot
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. WAGO IO 750-849 , WAGO IO 750-881 ,and WAGO IO 758-870 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO IO PLCs 758-870 and 750-849 are bus editable logic controller modules from WAGO, Germany. There are security bypass vulnerabilities and privilege escalation vulnerabilities in WAGO IO PLC 758-870 and 750-849 versions that allow attackers to execute arbitrary code, bypass security restrictions, and perform unauthorized operations. An attacker could use the default certificate to exploit this vulnerability to gain unauthorized administrator access to the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "758-870",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "758-870",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "750-881",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "750-849",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "750-849",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "750-881",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i/o plc 750-849",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "i/o plc 750-881",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "i/o plc 758-870",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "io plc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "758-870"
},
{
"model": "io plc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-849"
},
{
"model": "i\\/o plc 758-870",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "i\\/o plc 758-870",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i\\/o plc 750-881",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "i\\/o plc 750-849",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "i\\/o plc 750-881",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i\\/o plc 750-849",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 849",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 849",
"version": "01.02.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 881",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 881",
"version": "01.02.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 758 870",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 758 870",
"version": "01.02.05"
}
],
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_750-849_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_750-881_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_758-870_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
}
],
"trust": 0.6
},
"cve": "CVE-2015-6472",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6472",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-05504",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-84433",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6472",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6472",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-6472",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-05504",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-390",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84433",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. WAGO IO 750-849 , WAGO IO 750-881 ,and WAGO IO 758-870 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO IO PLCs 758-870 and 750-849 are bus editable logic controller modules from WAGO, Germany. There are security bypass vulnerabilities and privilege escalation vulnerabilities in WAGO IO PLC 758-870 and 750-849 versions that allow attackers to execute arbitrary code, bypass security restrictions, and perform unauthorized operations. An attacker could use the default certificate to exploit this vulnerability to gain unauthorized administrator access to the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "VULHUB",
"id": "VHN-84433"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-84433",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84433"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6472",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "136077",
"trust": 2.5
},
{
"db": "BID",
"id": "84138",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-05504",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754",
"trust": 0.8
},
{
"db": "IVD",
"id": "0F92EA1A-46D5-4C59-97AA-B0A9D0C1169F",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84433",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"id": "VAR-201708-0126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
}
],
"trust": 1.6970521357142858
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
}
]
},
"last_update_date": "2024-11-23T22:38:27.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://global.wago.com/jp/"
},
{
"title": "WAGO IO PLC has multiple vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/79416"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/136077/wago-io-plc-758-870-750-849-credential-management-privilege-separation.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/84138"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2016/mar/4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6472"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6472"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-27T00:00:00",
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"date": "2016-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"date": "2017-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-84433"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"date": "2016-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"date": "2017-08-22T18:29:00.233000",
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"date": "2021-07-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84433"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"date": "2021-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"date": "2024-11-21T02:35:02.157000",
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural WAGO IO Vulnerabilities related to certificate and password management in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
}
],
"trust": 0.6
}
}
var-201708-0127
Vulnerability from variot
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. WAGO IO 750-849 and WAGO IO 750-881 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO IO PLCs 758-870 and 750-849 are bus editable logic controller modules from WAGO, Germany. There are security bypass vulnerabilities and privilege escalation vulnerabilities in WAGO IO PLC 758-870 and 750-849 versions that allow attackers to execute arbitrary code, bypass security restrictions, and perform unauthorized operations. A security vulnerability exists in WAGO IO 750-849 version 01.01.27 and WAGO IO 750-881 version 01.02.05. An attacker could use the default account to exploit this vulnerability to control and change the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "758-870",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "758-870",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "750-849",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i/o plc 750-849",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "i/o plc 750-881",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "io plc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "758-870"
},
{
"model": "io plc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-849"
},
{
"model": "i\\/o plc 758-870",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i\\/o plc 758-870",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "i\\/o plc 750-849",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 849",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 758 870",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 758 870",
"version": "01.02.05"
}
],
"sources": [
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_750-849_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_750-881_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
}
],
"trust": 0.6
},
"cve": "CVE-2015-6473",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6473",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-05505",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "af646046-1130-4e49-a25e-dd43e2c49f38",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-84434",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6473",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6473",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-6473",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-05505",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-391",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-84434",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-6473",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "VULHUB",
"id": "VHN-84434"
},
{
"db": "VULMON",
"id": "CVE-2015-6473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. WAGO IO 750-849 and WAGO IO 750-881 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO IO PLCs 758-870 and 750-849 are bus editable logic controller modules from WAGO, Germany. There are security bypass vulnerabilities and privilege escalation vulnerabilities in WAGO IO PLC 758-870 and 750-849 versions that allow attackers to execute arbitrary code, bypass security restrictions, and perform unauthorized operations. A security vulnerability exists in WAGO IO 750-849 version 01.01.27 and WAGO IO 750-881 version 01.02.05. An attacker could use the default account to exploit this vulnerability to control and change the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "VULHUB",
"id": "VHN-84434"
},
{
"db": "VULMON",
"id": "CVE-2015-6473"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6473",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "136077",
"trust": 2.6
},
{
"db": "BID",
"id": "84138",
"trust": 2.4
},
{
"db": "CNNVD",
"id": "CNNVD-201607-391",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-05505",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755",
"trust": 0.8
},
{
"db": "IVD",
"id": "AF646046-1130-4E49-A25E-DD43E2C49F38",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84434",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-6473",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "VULHUB",
"id": "VHN-84434"
},
{
"db": "VULMON",
"id": "CVE-2015-6473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"id": "VAR-201708-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "VULHUB",
"id": "VHN-84434"
}
],
"trust": 1.6970521357142858
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
}
]
},
"last_update_date": "2024-11-23T22:38:27.103000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://global.wago.com/jp/"
},
{
"title": "WAGO IO PLC has multiple bugs (CNVD-2016-05505) patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/79415"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84434"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://packetstormsecurity.com/files/136077/wago-io-plc-758-870-750-849-credential-management-privilege-separation.html"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/84138"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2016/mar/4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6473"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6473"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/254.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "VULHUB",
"id": "VHN-84434"
},
{
"db": "VULMON",
"id": "CVE-2015-6473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "VULHUB",
"id": "VHN-84434"
},
{
"db": "VULMON",
"id": "CVE-2015-6473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-27T00:00:00",
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"date": "2016-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"date": "2017-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-84434"
},
{
"date": "2017-08-22T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6473"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"date": "2016-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"date": "2017-08-22T18:29:00.263000",
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"date": "2017-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-84434"
},
{
"date": "2017-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6473"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"date": "2021-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"date": "2024-11-21T02:35:02.297000",
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO IO 750-849 and WAGO IO 750-881 Vulnerabilities related to security functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
}
],
"trust": 0.6
}
}
var-201905-1110
Vulnerability from variot
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. Wago series 750-88x and 750-87x The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.
WAGO Series 750-88x and 750-87x have a vulnerability in trust management issues. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates and other attacks. Components. Successfully exploiting this issue allows a remote attacker to change the settings or alter the programming of the device. The following versions of Series 750-88x and 750-87x are affected: 750-330 firmware versions prior to FW14 750-352 firmware versions prior to FW14 750-829 firmware versions prior to FW14 750-831 firmware versions prior to FW14 750-852 firmware versions prior to FW14 750-880 firmware versions prior to FW14 750-881 firmware versions prior to FW14 750-882 firmware versions prior to FW14 750-884 firmware versions prior to FW14 750-885 firmware versions prior to FW14 750-889 firmware versions prior to FW14 750-830 firmware versions prior to FW06 750-849 firmware versions prior to FW08 750-871 firmware versions prior to FW11 750-872 firmware versions prior to FW07 750-873 firmware versions prior to FW07
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1110",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "750-880",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-352",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-885",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-330",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-831",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-849",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "08"
},
{
"model": "750-852",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-871",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "11"
},
{
"model": "750-881",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-872",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "07"
},
{
"model": "750-829",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-884",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-873",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "07"
},
{
"model": "750-889",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-830",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "06"
},
{
"model": "750-882",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-330",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-352",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-829",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-830",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-831",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-849",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-852",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-871",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-872",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-873",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "\u003cfw14",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-330"
},
{
"model": "\u003cfw14",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-352"
},
{
"model": "\u003cfw14",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-829"
},
{
"model": "\u003cfw14",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-831"
},
{
"model": "\u003cfw14",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-852"
},
{
"model": "\u003cfw14",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-880"
},
{
"model": "\u003cfw14",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-881"
},
{
"model": "\u003cfw14",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-882"
},
{
"model": "\u003cfw14",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-884"
},
{
"model": "\u003cfw14",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-885"
},
{
"model": "\u003cfw14",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-889"
},
{
"model": "\u003cfw06",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-830"
},
{
"model": "\u003cfw08",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-849"
},
{
"model": "\u003cfw11",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-871"
},
{
"model": "\u003cfw07",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-872"
},
{
"model": "\u003cfw07",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-873"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8890"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8850"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8840"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8820"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8810"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8800"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8730"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8720"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8710"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8520"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8490"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8310"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8300"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8290"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-3520"
},
{
"model": "series",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-3300"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-88914"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-88514"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-88414"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-88214"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-88114"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-88014"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-87307"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-87207"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-87111"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-85214"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-84908"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-83114"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-83006"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-82914"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-35214"
},
{
"model": "series",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-33014"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36951"
},
{
"db": "BID",
"id": "108482"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004431"
},
{
"db": "NVD",
"id": "CVE-2019-10712"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:750-330_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:750-352_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:750-829_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:750-830_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:750-831_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:750-849_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:750-852_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:750-871_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:750-872_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:750-873_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004431"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "J??rn Schneeweisz/Recurity Labs,Reported by J?rn Schneeweisz/Recurity Labs to CERT-Bund coordinated by CERT@VDE with NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-768"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10712",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-10712",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-36951",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-10712",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10712",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-10712",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-36951",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-768",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-10712",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36951"
},
{
"db": "VULMON",
"id": "CVE-2019-10712"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004431"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-768"
},
{
"db": "NVD",
"id": "CVE-2019-10712"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. Wago series 750-88x and 750-87x The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \n\r\n\r\nWAGO Series 750-88x and 750-87x have a vulnerability in trust management issues. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates and other attacks. Components. \nSuccessfully exploiting this issue allows a remote attacker to change the settings or alter the programming of the device. \nThe following versions of Series 750-88x and 750-87x are affected:\n750-330 firmware versions prior to FW14\n750-352 firmware versions prior to FW14\n750-829 firmware versions prior to FW14\n750-831 firmware versions prior to FW14\n750-852 firmware versions prior to FW14\n750-880 firmware versions prior to FW14\n750-881 firmware versions prior to FW14\n750-882 firmware versions prior to FW14\n750-884 firmware versions prior to FW14\n750-885 firmware versions prior to FW14\n750-889 firmware versions prior to FW14\n750-830 firmware versions prior to FW06\n750-849 firmware versions prior to FW08\n750-871 firmware versions prior to FW11\n750-872 firmware versions prior to FW07\n750-873 firmware versions prior to FW07",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10712"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004431"
},
{
"db": "CNVD",
"id": "CNVD-2020-36951"
},
{
"db": "BID",
"id": "108482"
},
{
"db": "VULMON",
"id": "CVE-2019-10712"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10712",
"trust": 3.4
},
{
"db": "CERT@VDE",
"id": "VDE-2019-008",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-19-106-02",
"trust": 2.4
},
{
"db": "BID",
"id": "108482",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004431",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-36951",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1311",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201904-768",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-10712",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36951"
},
{
"db": "VULMON",
"id": "CVE-2019-10712"
},
{
"db": "BID",
"id": "108482"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004431"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-768"
},
{
"db": "NVD",
"id": "CVE-2019-10712"
}
]
},
"id": "VAR-201905-1110",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36951"
}
],
"trust": 1.438023100909091
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36951"
}
]
},
"last_update_date": "2024-11-23T23:08:24.457000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://global.wago.com/jp/"
},
{
"title": "Patch for WAGO 750-88x Series and WAGO 750-87x Series Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/225033"
},
{
"title": "WAGO 750-88x Series and WAGO 750-87x Series Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91566"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36951"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004431"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-768"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004431"
},
{
"db": "NVD",
"id": "CVE-2019-10712"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/108482"
},
{
"trust": 2.5,
"url": "https://cert.vde.com/de-de/advisories/vde-2019-008"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10712"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d%40%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2%40%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25%40%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf%40%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1%40%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e%40%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a%40%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-106-02"
},
{
"trust": 0.9,
"url": "http://www.wago.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10712"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-106-02"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-106-02"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25@%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1@%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d@%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a@%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e@%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2@%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf@%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79170"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36951"
},
{
"db": "VULMON",
"id": "CVE-2019-10712"
},
{
"db": "BID",
"id": "108482"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004431"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-768"
},
{
"db": "NVD",
"id": "CVE-2019-10712"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-36951"
},
{
"db": "VULMON",
"id": "CVE-2019-10712"
},
{
"db": "BID",
"id": "108482"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004431"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-768"
},
{
"db": "NVD",
"id": "CVE-2019-10712"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36951"
},
{
"date": "2019-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10712"
},
{
"date": "2019-05-28T00:00:00",
"db": "BID",
"id": "108482"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004431"
},
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-768"
},
{
"date": "2019-05-07T22:29:00.207000",
"db": "NVD",
"id": "CVE-2019-10712"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36951"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10712"
},
{
"date": "2019-05-28T00:00:00",
"db": "BID",
"id": "108482"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004431"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-768"
},
{
"date": "2024-11-21T04:19:47.313000",
"db": "NVD",
"id": "CVE-2019-10712"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-768"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO 750-88x Series and WAGO 750-87x Series Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36951"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-768"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-768"
}
],
"trust": 0.6
}
}
cve-2019-10712
Vulnerability from cvelistv5
Published
2019-05-07 21:20
Modified
2024-08-04 22:32
Severity ?
EPSS score ?
Summary
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2019-008"
},
{
"name": "108482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108482"
},
{
"name": "[cassandra-commits] 20200407 [jira] [Created] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200413 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200420 [jira] [Updated] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200420 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200420 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200901 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200901 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a%40%3Ccommits.cassandra.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-01T10:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2019-008"
},
{
"name": "108482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108482"
},
{
"name": "[cassandra-commits] 20200407 [jira] [Created] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200413 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200420 [jira] [Updated] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200420 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200420 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200901 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200901 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a%40%3Ccommits.cassandra.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2019-008",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2019-008"
},
{
"name": "108482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108482"
},
{
"name": "[cassandra-commits] 20200407 [jira] [Created] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200413 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200420 [jira] [Updated] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200420 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200420 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200901 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200901 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a@%3Ccommits.cassandra.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10712",
"datePublished": "2019-05-07T21:20:03",
"dateReserved": "2019-04-02T00:00:00",
"dateUpdated": "2024-08-04T22:32:01.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6473
Vulnerability from cvelistv5
Published
2017-08-22 18:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2016/Mar/4 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/84138 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"name": "84138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84138"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-22T19:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"name": "84138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84138"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-6473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"name": "84138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84138"
},
{
"name": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-6473",
"datePublished": "2017-08-22T18:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6472
Vulnerability from cvelistv5
Published
2017-08-22 18:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2016/Mar/4 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/84138 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"name": "84138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84138"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-22T17:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"name": "84138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84138"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-6472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"name": "84138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84138"
},
{
"name": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-6472",
"datePublished": "2017-08-22T18:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}