var-201708-0126
Vulnerability from variot
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. WAGO IO 750-849 , WAGO IO 750-881 ,and WAGO IO 758-870 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO IO PLCs 758-870 and 750-849 are bus editable logic controller modules from WAGO, Germany. There are security bypass vulnerabilities and privilege escalation vulnerabilities in WAGO IO PLC 758-870 and 750-849 versions that allow attackers to execute arbitrary code, bypass security restrictions, and perform unauthorized operations. An attacker could use the default certificate to exploit this vulnerability to gain unauthorized administrator access to the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "758-870",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "758-870",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "750-881",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "750-849",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "750-849",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "750-881",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i/o plc 750-849",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "i/o plc 750-881",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "i/o plc 758-870",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "io plc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "758-870"
},
{
"model": "io plc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-849"
},
{
"model": "i\\/o plc 758-870",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "i\\/o plc 758-870",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i\\/o plc 750-881",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "i\\/o plc 750-849",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "i\\/o plc 750-881",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i\\/o plc 750-849",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 849",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 849",
"version": "01.02.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 881",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 881",
"version": "01.02.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 758 870",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 758 870",
"version": "01.02.05"
}
],
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_750-849_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_750-881_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_758-870_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
}
],
"trust": 0.6
},
"cve": "CVE-2015-6472",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6472",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-05504",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-84433",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6472",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6472",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-6472",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-05504",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-390",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84433",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. WAGO IO 750-849 , WAGO IO 750-881 ,and WAGO IO 758-870 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO IO PLCs 758-870 and 750-849 are bus editable logic controller modules from WAGO, Germany. There are security bypass vulnerabilities and privilege escalation vulnerabilities in WAGO IO PLC 758-870 and 750-849 versions that allow attackers to execute arbitrary code, bypass security restrictions, and perform unauthorized operations. An attacker could use the default certificate to exploit this vulnerability to gain unauthorized administrator access to the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "VULHUB",
"id": "VHN-84433"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-84433",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84433"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6472",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "136077",
"trust": 2.5
},
{
"db": "BID",
"id": "84138",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-05504",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754",
"trust": 0.8
},
{
"db": "IVD",
"id": "0F92EA1A-46D5-4C59-97AA-B0A9D0C1169F",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84433",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"id": "VAR-201708-0126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
}
],
"trust": 1.6970521357142858
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
}
]
},
"last_update_date": "2024-11-23T22:38:27.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://global.wago.com/jp/"
},
{
"title": "WAGO IO PLC has multiple vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/79416"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/136077/wago-io-plc-758-870-750-849-credential-management-privilege-separation.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/84138"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2016/mar/4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6472"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6472"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-27T00:00:00",
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"date": "2016-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"date": "2017-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-84433"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"date": "2016-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"date": "2017-08-22T18:29:00.233000",
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"date": "2021-07-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84433"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"date": "2021-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"date": "2024-11-21T02:35:02.157000",
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural WAGO IO Vulnerabilities related to certificate and password management in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.