Search criteria
6 vulnerabilities found for 750-885/xxx-xxx by Wago
CVE-2023-1620 (GCVE-0-2023-1620)
Vulnerability from cvelistv5 – Published: 2023-06-26 06:19 – Updated: 2024-11-12 14:11
VLAI?
Title
WAGO: DoS in multiple products in multiple versions using Codesys
Summary
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
Severity ?
4.9 (Medium)
CWE
- CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Wago | 750-8202/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Daniel dos Santos from Forescout
Abdelrahman Hassanien from Forescout
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:30:42.286955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:11:36.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "750-8202/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8203/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8204/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8206/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8207/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8208/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8210/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8211/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8212/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8213/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8214/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8216/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8217/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-823",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-332",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-832/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-862",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-890/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-891",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-893",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-331",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-829",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-831/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-852",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-880/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-881",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-882",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-885/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-889",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel dos Santos from Forescout"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdelrahman Hassanien from Forescout"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime."
}
],
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1288",
"description": "CWE-1288 Improper Validation of Consistency within Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:28:51.078Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"source": {
"advisory": "VDE-2023-006",
"defect": [
"CERT@VDE#64417"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: DoS in multiple products in multiple versions using Codesys",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1620",
"datePublished": "2023-06-26T06:19:30.928Z",
"dateReserved": "2023-03-24T10:12:26.426Z",
"dateUpdated": "2024-11-12T14:11:36.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1619 (GCVE-0-2023-1619)
Vulnerability from cvelistv5 – Published: 2023-06-26 06:18 – Updated: 2024-10-02 05:28
VLAI?
Title
WAGO: DoS in multiple versions of multiple products
Summary
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
Severity ?
4.9 (Medium)
CWE
- CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Wago | 750-8202/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Daniel dos Santos from Forescout
Abdelrahman Hassanien from Forescout
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "750-8202/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8203/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8204/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8206/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8207/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8208/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8210/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8211/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8212/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8213/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8214/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8216/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8217/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-823",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-332",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-832/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-862",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-890/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-891",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-893",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-331",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-829",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-831/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-852",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-880/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-881",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-882",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-885/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-889",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel dos Santos from Forescout"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdelrahman Hassanien from Forescout"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet."
}
],
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1288",
"description": "CWE-1288 Improper Validation of Consistency within Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:28:23.250Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"source": {
"advisory": "VDE-2023-006",
"defect": [
"CERT@VDE#64417"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: DoS in multiple versions of multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1619",
"datePublished": "2023-06-26T06:18:33.981Z",
"dateReserved": "2023-03-24T10:12:25.218Z",
"dateUpdated": "2024-10-02T05:28:23.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12505 (GCVE-0-2020-12505)
Vulnerability from cvelistv5 – Published: 2020-09-30 15:43 – Updated: 2024-09-16 18:08
VLAI?
Title
WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07
Summary
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.
Severity ?
8.2 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 750-852 |
Affected:
unspecified , ≤ FW07
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO.
coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "750-852",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-880/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-881",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-831/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-882",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-885/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-889",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO."
},
{
"lang": "en",
"value": "coordinated by CERT@VDE"
}
],
"datePublic": "2020-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T11:21:59",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-027"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade devices to the latest standard firmware (\u003e FW07)."
}
],
"source": {
"advisory": "vde-2020-027",
"defect": [
"vde-2020-027"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version \u003c= FW07",
"workarounds": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-09-29T22:00:00.000Z",
"ID": "CVE-2020-12505",
"STATE": "PUBLIC",
"TITLE": "WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version \u003c= FW07"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "750-852",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
},
{
"product_name": "750-880/xxx-xxx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
},
{
"product_name": "750-881",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
},
{
"product_name": "750-831/xxx-xxx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
},
{
"product_name": "750-882",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
},
{
"product_name": "750-885/xxx-xxx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
},
{
"product_name": "750-889",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO."
},
{
"lang": "eng",
"value": "coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-027",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-027"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade devices to the latest standard firmware (\u003e FW07)."
}
],
"source": {
"advisory": "vde-2020-027",
"defect": [
"vde-2020-027"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12505",
"datePublished": "2020-09-30T15:43:20.359532Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T18:08:56.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1620 (GCVE-0-2023-1620)
Vulnerability from nvd – Published: 2023-06-26 06:19 – Updated: 2024-11-12 14:11
VLAI?
Title
WAGO: DoS in multiple products in multiple versions using Codesys
Summary
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
Severity ?
4.9 (Medium)
CWE
- CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Wago | 750-8202/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Daniel dos Santos from Forescout
Abdelrahman Hassanien from Forescout
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:30:42.286955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:11:36.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "750-8202/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8203/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8204/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8206/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8207/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8208/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8210/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8211/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8212/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8213/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8214/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8216/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8217/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-823",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-332",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-832/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-862",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-890/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-891",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-893",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-331",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-829",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-831/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-852",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-880/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-881",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-882",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-885/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-889",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel dos Santos from Forescout"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdelrahman Hassanien from Forescout"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime."
}
],
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1288",
"description": "CWE-1288 Improper Validation of Consistency within Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:28:51.078Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"source": {
"advisory": "VDE-2023-006",
"defect": [
"CERT@VDE#64417"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: DoS in multiple products in multiple versions using Codesys",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1620",
"datePublished": "2023-06-26T06:19:30.928Z",
"dateReserved": "2023-03-24T10:12:26.426Z",
"dateUpdated": "2024-11-12T14:11:36.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1619 (GCVE-0-2023-1619)
Vulnerability from nvd – Published: 2023-06-26 06:18 – Updated: 2024-10-02 05:28
VLAI?
Title
WAGO: DoS in multiple versions of multiple products
Summary
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
Severity ?
4.9 (Medium)
CWE
- CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Wago | 750-8202/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Daniel dos Santos from Forescout
Abdelrahman Hassanien from Forescout
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "750-8202/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8203/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8204/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8206/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8207/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8208/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8210/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8211/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8212/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8213/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8214/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8216/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8217/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-823",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-332",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-832/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-862",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-890/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-891",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-893",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-331",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-829",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-831/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-852",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-880/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-881",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-882",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-885/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-889",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel dos Santos from Forescout"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdelrahman Hassanien from Forescout"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet."
}
],
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1288",
"description": "CWE-1288 Improper Validation of Consistency within Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:28:23.250Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"source": {
"advisory": "VDE-2023-006",
"defect": [
"CERT@VDE#64417"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: DoS in multiple versions of multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1619",
"datePublished": "2023-06-26T06:18:33.981Z",
"dateReserved": "2023-03-24T10:12:25.218Z",
"dateUpdated": "2024-10-02T05:28:23.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12505 (GCVE-0-2020-12505)
Vulnerability from nvd – Published: 2020-09-30 15:43 – Updated: 2024-09-16 18:08
VLAI?
Title
WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07
Summary
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.
Severity ?
8.2 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 750-852 |
Affected:
unspecified , ≤ FW07
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO.
coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "750-852",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-880/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-881",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-831/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-882",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-885/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-889",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO."
},
{
"lang": "en",
"value": "coordinated by CERT@VDE"
}
],
"datePublic": "2020-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T11:21:59",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-027"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade devices to the latest standard firmware (\u003e FW07)."
}
],
"source": {
"advisory": "vde-2020-027",
"defect": [
"vde-2020-027"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version \u003c= FW07",
"workarounds": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-09-29T22:00:00.000Z",
"ID": "CVE-2020-12505",
"STATE": "PUBLIC",
"TITLE": "WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version \u003c= FW07"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "750-852",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
},
{
"product_name": "750-880/xxx-xxx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
},
{
"product_name": "750-881",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
},
{
"product_name": "750-831/xxx-xxx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
},
{
"product_name": "750-882",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
},
{
"product_name": "750-885/xxx-xxx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
},
{
"product_name": "750-889",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW07"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO."
},
{
"lang": "eng",
"value": "coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-027",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-027"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade devices to the latest standard firmware (\u003e FW07)."
}
],
"source": {
"advisory": "vde-2020-027",
"defect": [
"vde-2020-027"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12505",
"datePublished": "2020-09-30T15:43:20.359532Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T18:08:56.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}