Search criteria
26 vulnerabilities found for pfc100 by wago
VAR-202311-1670
Vulnerability from variot - Updated: 2024-01-18 23:01Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. compact controller 100 firmware, Edge Controller firmware, PFC100 firmware etc. WAGO There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202311-1670",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 advanced",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "25"
},
{
"model": "pfc100",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "24"
},
{
"model": "compact controller 100",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "25"
},
{
"model": "edge controller",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "25"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 standard",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "25"
},
{
"model": "touch panel 600 marine",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "25"
},
{
"model": "touch panel 600 marine",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 standard",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "edge controller",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc100",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 advanced",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "compact controller 100",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-018600"
},
{
"db": "NVD",
"id": "CVE-2023-3379"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:22:patch_1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:22:patch_1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-3379"
}
]
},
"cve": "CVE-2023-3379",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "info@cert.vde.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2023-018600",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2023-3379",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2023-018600",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-018600"
},
{
"db": "NVD",
"id": "CVE-2023-3379"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. compact controller 100 firmware, Edge Controller firmware, PFC100 firmware etc. WAGO There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-3379"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018600"
},
{
"db": "VULMON",
"id": "CVE-2023-3379"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-3379",
"trust": 2.7
},
{
"db": "CERT@VDE",
"id": "VDE-2023-015",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018600",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-3379",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-3379"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018600"
},
{
"db": "NVD",
"id": "CVE-2023-3379"
}
]
},
"id": "VAR-202311-1670",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.65716723
},
"last_update_date": "2024-01-18T23:01:35.634000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-018600"
},
{
"db": "NVD",
"id": "CVE-2023-3379"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://cert.vde.com/en/advisories/vde-2023-015/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3379"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-3379"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018600"
},
{
"db": "NVD",
"id": "CVE-2023-3379"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-3379"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-018600"
},
{
"db": "NVD",
"id": "CVE-2023-3379"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-20T00:00:00",
"db": "VULMON",
"id": "CVE-2023-3379"
},
{
"date": "2024-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-018600"
},
{
"date": "2023-11-20T08:15:44.280000",
"db": "NVD",
"id": "CVE-2023-3379"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-20T00:00:00",
"db": "VULMON",
"id": "CVE-2023-3379"
},
{
"date": "2024-01-11T07:25:00",
"db": "JVNDB",
"id": "JVNDB-2023-018600"
},
{
"date": "2023-11-30T15:16:28.910000",
"db": "NVD",
"id": "CVE-2023-3379"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-018600"
}
],
"trust": 0.8
}
}
VAR-202305-1415
Vulnerability from variot - Updated: 2023-12-18 13:46In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. compact controller 100 firmware, Edge Controller firmware, PFC100 firmware etc. WAGO The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-1415",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "touch panel 600 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "compact controller 100",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "20"
},
{
"model": "pfc100",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "compact controller 100",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "pfc100",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "20"
},
{
"model": "edge controller",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "pfc200",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "20"
},
{
"model": "touch panel 600 standard",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 marine",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "compact controller 100",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 marine",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "edge controller",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc100",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 standard",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 advanced",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009971"
},
{
"db": "NVD",
"id": "CVE-2023-1698"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "23",
"versionStartIncluding": "20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:edge_controller_firmware:22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "23",
"versionStartIncluding": "20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "23",
"versionStartIncluding": "20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-1698"
}
]
},
"cve": "CVE-2023-1698",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-009971",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2023-1698",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2023-009971",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009971"
},
{
"db": "NVD",
"id": "CVE-2023-1698"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. compact controller 100 firmware, Edge Controller firmware, PFC100 firmware etc. WAGO The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-1698"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009971"
},
{
"db": "VULMON",
"id": "CVE-2023-1698"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-1698",
"trust": 2.7
},
{
"db": "CERT@VDE",
"id": "VDE-2023-007",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009971",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-1698",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-1698"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009971"
},
{
"db": "NVD",
"id": "CVE-2023-1698"
}
]
},
"id": "VAR-202305-1415",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.65716723
},
"last_update_date": "2023-12-18T13:46:01.870000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009971"
},
{
"db": "NVD",
"id": "CVE-2023-1698"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://cert.vde.com/en/advisories/vde-2023-007/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1698"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-1698"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009971"
},
{
"db": "NVD",
"id": "CVE-2023-1698"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-1698"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009971"
},
{
"db": "NVD",
"id": "CVE-2023-1698"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-15T00:00:00",
"db": "VULMON",
"id": "CVE-2023-1698"
},
{
"date": "2023-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-009971"
},
{
"date": "2023-05-15T09:15:09.510000",
"db": "NVD",
"id": "CVE-2023-1698"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-15T00:00:00",
"db": "VULMON",
"id": "CVE-2023-1698"
},
{
"date": "2023-12-07T05:39:00",
"db": "JVNDB",
"id": "JVNDB-2023-009971"
},
{
"date": "2023-05-26T17:09:45.837000",
"db": "NVD",
"id": "CVE-2023-1698"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 In the product \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009971"
}
],
"trust": 0.8
}
}
VAR-202003-0675
Vulnerability from variot - Updated: 2023-12-18 13:37An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12). WAGO PFC100 and PFC200 There is a vulnerability related to information leakage due to the difference in response to security-related processing.Information may be obtained. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) of the German WAGO company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0675",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
},
{
"db": "IVD",
"id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
},
{
"db": "CNVD",
"id": "CNVD-2020-17497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014894"
},
{
"db": "NVD",
"id": "CVE-2019-5135"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5135"
}
]
},
"cve": "CVE-2019-5135",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014894",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17497",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d76ec9c3-0538-43bd-9a04-3266577faeac",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-014894",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5135",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-014894",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17497",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-357",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d76ec9c3-0538-43bd-9a04-3266577faeac",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
},
{
"db": "IVD",
"id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
},
{
"db": "CNVD",
"id": "CNVD-2020-17497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014894"
},
{
"db": "NVD",
"id": "CVE-2019-5135"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-357"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12). WAGO PFC100 and PFC200 There is a vulnerability related to information leakage due to the difference in response to security-related processing.Information may be obtained. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) of the German WAGO company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5135"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014894"
},
{
"db": "CNVD",
"id": "CNVD-2020-17497"
},
{
"db": "IVD",
"id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
},
{
"db": "IVD",
"id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5135",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0924",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-17497",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-357",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014894",
"trust": 0.8
},
{
"db": "IVD",
"id": "F2A4A6CD-D1D6-4070-B77F-FE0839BA6814",
"trust": 0.2
},
{
"db": "IVD",
"id": "D76EC9C3-0538-43BD-9A04-3266577FAEAC",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
},
{
"db": "IVD",
"id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
},
{
"db": "CNVD",
"id": "CNVD-2020-17497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014894"
},
{
"db": "NVD",
"id": "CVE-2019-5135"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-357"
}
]
},
"id": "VAR-202003-0675",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
},
{
"db": "IVD",
"id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
},
{
"db": "CNVD",
"id": "CNVD-2020-17497"
}
],
"trust": 1.65716723
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
},
{
"db": "IVD",
"id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
},
{
"db": "CNVD",
"id": "CNVD-2020-17497"
}
]
},
"last_update_date": "2023-12-18T13:37:55.873000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PFC200 Controller",
"trust": 0.8,
"url": "https://www.wago.com/us/pfc200"
},
{
"title": "PFC100 Controller",
"trust": 0.8,
"url": "https://www.wago.com/us/pfc100"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014894"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "CWE-203",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014894"
},
{
"db": "NVD",
"id": "CVE-2019-5135"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0924"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5135"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5135"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014894"
},
{
"db": "NVD",
"id": "CVE-2019-5135"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-357"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
},
{
"db": "IVD",
"id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
},
{
"db": "CNVD",
"id": "CNVD-2020-17497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014894"
},
{
"db": "NVD",
"id": "CVE-2019-5135"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-357"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17497"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014894"
},
{
"date": "2020-03-11T22:27:40.253000",
"db": "NVD",
"id": "CVE-2019-5135"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-357"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17497"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014894"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-5135"
},
{
"date": "2020-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-357"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-357"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC100 and PFC200 Vulnerability related to information leakage caused by different responses to security-related processing in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014894"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
},
{
"db": "IVD",
"id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-357"
}
],
"trust": 1.0
}
}
VAR-201910-0872
Vulnerability from variot - Updated: 2023-12-18 12:50Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. WAGO Series PFC100 and PFC200 The device is vulnerable to an externally controllable reference to another realm resource.Information may be obtained. WAGO Series PFC100 and WAGO Series PFC200 are both programmable logic controllers from German WAGO company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0872",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.35\\(12\\)"
},
{
"model": "pfc100",
"scope": "lt",
"trust": 0.8,
"vendor": "wago",
"version": "fw12"
},
{
"model": "pfc200",
"scope": "lt",
"trust": 0.8,
"vendor": "wago",
"version": "fw12"
},
{
"model": "series pfc100",
"scope": null,
"trust": 0.6,
"vendor": "wago",
"version": null
},
{
"model": "series pfc200",
"scope": null,
"trust": 0.6,
"vendor": "wago",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc100",
"version": "750-8101/000-010"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc100",
"version": "750-8101/025-000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc200",
"version": "750-8102/025-000"
}
],
"sources": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "03.00.35\\(12\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18202"
}
]
},
"cve": "CVE-2019-18202",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-18202",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-36938",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-18202",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18202",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-18202",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-36938",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1241",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. WAGO Series PFC100 and PFC200 The device is vulnerable to an externally controllable reference to another realm resource.Information may be obtained. WAGO Series PFC100 and WAGO Series PFC200 are both programmable logic controllers from German WAGO company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18202",
"trust": 3.2
},
{
"db": "CERT@VDE",
"id": "VDE-2019-017",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-36938",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220",
"trust": 0.8
},
{
"db": "IVD",
"id": "9E1B1036-BEB0-4EF4-8A24-7C7AF0EC364A",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
}
]
},
"id": "VAR-201910-0872",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
}
],
"trust": 1.614148952
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
}
]
},
"last_update_date": "2023-12-18T12:50:01.154000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "Patch for WAGO Series PFC100 and WAGO Series PFC200 Improper Access Control Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/186775"
},
{
"title": "WAGO Series PFC100 and WAGO Series PFC200 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=100674"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-610",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://cert.vde.com/de-de/advisories/vde-2019-017"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18202"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18202"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-24T00:00:00",
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"date": "2019-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"date": "2019-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"date": "2019-10-19T01:15:10.467000",
"db": "NVD",
"id": "CVE-2019-18202"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1241"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"date": "2019-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"date": "2023-03-13T18:13:07.650000",
"db": "NVD",
"id": "CVE-2019-18202"
},
{
"date": "2023-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1241"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO Series PFC100 and PFC200 Vulnerability related to externally controllable references to other domain resources on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
}
],
"trust": 0.8
}
}
VAR-201904-1022
Vulnerability from variot - Updated: 2023-12-18 12:43ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. Programmable Logic Controller Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. ABB/Phoenix Contact/Schneider Electric/Siemens/WAGO PLCs are prone to an remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial of service condition. There are resource management error vulnerabilities in many PLC products, which originate from improper management of system resources (such as memory, disk space, files, etc.) by the network system or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-1022",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ilc 151 eth",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "modicon m221",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.10.0.0"
},
{
"model": "knx ip",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": null
},
{
"model": "bacnet\\/ip",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": null
},
{
"model": "6ed1052-1cc01-0ba8",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "6es7211-1ae40-0xb0",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "6es7314-6eh04-0ab0",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "pm554-tp-eth",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": null
},
{
"model": "ethernet",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": null
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": null
},
{
"model": "pm554-tp-eth",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "ilc 151 eth",
"scope": null,
"trust": 0.8,
"vendor": "phoenix contact",
"version": null
},
{
"model": "modicon m221",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "6ed1052-1cc01-0ba8",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "6es7211-1ae40-0xb0",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "6es7314-6eh04-0ab0",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "bacnet/ip",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "ethernet",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "knx ip",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc100",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "controller pfc100",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "(750-8100)0"
},
{
"model": "controller knx ip",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "(750-889)0"
},
{
"model": "controller ethernet",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "(750-880)0"
},
{
"model": "controller bacnet/ip",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "(750-831)0"
},
{
"model": "6es7314-6eh04-0ab0 simatic s7-314",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "6es7211-1ae40-0xb0 simatic s7-1211",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "6ed1052-1cc01-0ba8 logo!",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "80"
},
{
"model": "modicon m221",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "contact ilc eth",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "27009741510"
},
{
"model": "1sap120600r0071 pm554-tp-eth",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "108413"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003487"
},
{
"db": "NVD",
"id": "CVE-2019-10953"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:pm554-tp-eth_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:pm554-tp-eth:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:ilc_151_eth_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:ilc_151_eth:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.10.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:6es7211-1ae40-0xb0_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7211-1ae40-0xb0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:6es7314-6eh04-0ab0_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:6es7314-6eh04-0ab0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:6ed1052-1cc01-0ba8_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:6ed1052-1cc01-0ba8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:knx_ip_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:knx_ip:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:ethernet_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:ethernet:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:bacnet\\/ip_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:bacnet\\/ip:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10953"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "and Florian Fischer (Hochschule Augsburg), Jan-Ole Malchow (Freie Universita\u0308t Berlin), and Florian Fischer (Hochschule Augsburg) reported this vulnerability to NCCIC.,Matthias Niedermaier (Hochschule Augsburg), Jan-Ole Malchow (Freie Universita\u00c2\u00a8t Berlin)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-770"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10953",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10953",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-142551",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10953",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10953",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-770",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142551",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-10953",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142551"
},
{
"db": "VULMON",
"id": "CVE-2019-10953"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003487"
},
{
"db": "NVD",
"id": "CVE-2019-10953"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-770"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. Programmable Logic Controller Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. ABB/Phoenix Contact/Schneider Electric/Siemens/WAGO PLCs are prone to an remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial of service condition. There are resource management error vulnerabilities in many PLC products, which originate from improper management of system resources (such as memory, disk space, files, etc.) by the network system or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10953"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003487"
},
{
"db": "BID",
"id": "108413"
},
{
"db": "VULHUB",
"id": "VHN-142551"
},
{
"db": "VULMON",
"id": "CVE-2019-10953"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-106-03",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2019-10953",
"trust": 2.9
},
{
"db": "BID",
"id": "108413",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003487",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-770",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1312",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-142551",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-10953",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142551"
},
{
"db": "VULMON",
"id": "CVE-2019-10953"
},
{
"db": "BID",
"id": "108413"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003487"
},
{
"db": "NVD",
"id": "CVE-2019-10953"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-770"
}
]
},
"id": "VAR-201904-1022",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142551"
}
],
"trust": 0.9082869342857144
},
"last_update_date": "2023-12-18T12:43:33.591000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PM554-TP-ETH",
"trust": 0.8,
"url": "https://new.abb.com/products/1sap120600r0071/pm554-tp-ethac500-prog-logic-controller"
},
{
"title": "Controller - ILC 151 ETH - 2700974",
"trust": 0.8,
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2700974\u0026library=usen\u0026pcck=p-08-12-08-07\u0026tab=5\u0026selectedcategory=all"
},
{
"title": "M221 firmware",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/m221+firmware+v1.3/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.siemens.com/global/en.html"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.wago.co.jp/"
},
{
"title": "CVE-2019-10953",
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2019-10953 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-10953"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003487"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142551"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003487"
},
{
"db": "NVD",
"id": "CVE-2019-10953"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-106-03"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/108413"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10953"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10953"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79174"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-106-03"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2019-10953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142551"
},
{
"db": "VULMON",
"id": "CVE-2019-10953"
},
{
"db": "BID",
"id": "108413"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003487"
},
{
"db": "NVD",
"id": "CVE-2019-10953"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-770"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142551"
},
{
"db": "VULMON",
"id": "CVE-2019-10953"
},
{
"db": "BID",
"id": "108413"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003487"
},
{
"db": "NVD",
"id": "CVE-2019-10953"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-770"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-142551"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10953"
},
{
"date": "2019-05-16T00:00:00",
"db": "BID",
"id": "108413"
},
{
"date": "2019-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003487"
},
{
"date": "2019-04-17T15:29:00.843000",
"db": "NVD",
"id": "CVE-2019-10953"
},
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-770"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-142551"
},
{
"date": "2021-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10953"
},
{
"date": "2019-05-16T00:00:00",
"db": "BID",
"id": "108413"
},
{
"date": "2019-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003487"
},
{
"date": "2022-01-31T20:48:56.740000",
"db": "NVD",
"id": "CVE-2019-10953"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-770"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-770"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Programmable Logic Controller Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003487"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-770"
}
],
"trust": 0.6
}
}
VAR-202003-0674
Vulnerability from variot - Updated: 2023-12-18 12:35An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure. WAGO PFC200 and PFC100 There is an information leakage vulnerability in.Information may be obtained. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) of the German WAGO company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0674",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "2960ec90-977e-4f7d-9bda-fb967cfc7e0e"
},
{
"db": "IVD",
"id": "c98f890f-b3bd-4d36-a82e-f40bd61b2aa7"
},
{
"db": "CNVD",
"id": "CNVD-2020-17489"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014931"
},
{
"db": "NVD",
"id": "CVE-2019-5134"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5134"
}
]
},
"cve": "CVE-2019-5134",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014931",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17489",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "2960ec90-977e-4f7d-9bda-fb967cfc7e0e",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "c98f890f-b3bd-4d36-a82e-f40bd61b2aa7",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014931",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5134",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014931",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17489",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-363",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "2960ec90-977e-4f7d-9bda-fb967cfc7e0e",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "c98f890f-b3bd-4d36-a82e-f40bd61b2aa7",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2960ec90-977e-4f7d-9bda-fb967cfc7e0e"
},
{
"db": "IVD",
"id": "c98f890f-b3bd-4d36-a82e-f40bd61b2aa7"
},
{
"db": "CNVD",
"id": "CNVD-2020-17489"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014931"
},
{
"db": "NVD",
"id": "CVE-2019-5134"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-363"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure. WAGO PFC200 and PFC100 There is an information leakage vulnerability in.Information may be obtained. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) of the German WAGO company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5134"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014931"
},
{
"db": "CNVD",
"id": "CNVD-2020-17489"
},
{
"db": "IVD",
"id": "2960ec90-977e-4f7d-9bda-fb967cfc7e0e"
},
{
"db": "IVD",
"id": "c98f890f-b3bd-4d36-a82e-f40bd61b2aa7"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5134",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0923",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17489",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-363",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014931",
"trust": 0.8
},
{
"db": "IVD",
"id": "2960EC90-977E-4F7D-9BDA-FB967CFC7E0E",
"trust": 0.2
},
{
"db": "IVD",
"id": "C98F890F-B3BD-4D36-A82E-F40BD61B2AA7",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "2960ec90-977e-4f7d-9bda-fb967cfc7e0e"
},
{
"db": "IVD",
"id": "c98f890f-b3bd-4d36-a82e-f40bd61b2aa7"
},
{
"db": "CNVD",
"id": "CNVD-2020-17489"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014931"
},
{
"db": "NVD",
"id": "CVE-2019-5134"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-363"
}
]
},
"id": "VAR-202003-0674",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2960ec90-977e-4f7d-9bda-fb967cfc7e0e"
},
{
"db": "IVD",
"id": "c98f890f-b3bd-4d36-a82e-f40bd61b2aa7"
},
{
"db": "CNVD",
"id": "CNVD-2020-17489"
}
],
"trust": 1.65716723
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "2960ec90-977e-4f7d-9bda-fb967cfc7e0e"
},
{
"db": "IVD",
"id": "c98f890f-b3bd-4d36-a82e-f40bd61b2aa7"
},
{
"db": "CNVD",
"id": "CNVD-2020-17489"
}
]
},
"last_update_date": "2023-12-18T12:35:40.368000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014931"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014931"
},
{
"db": "NVD",
"id": "CVE-2019-5134"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0923"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5134"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5134"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17489"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014931"
},
{
"db": "NVD",
"id": "CVE-2019-5134"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-363"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2960ec90-977e-4f7d-9bda-fb967cfc7e0e"
},
{
"db": "IVD",
"id": "c98f890f-b3bd-4d36-a82e-f40bd61b2aa7"
},
{
"db": "CNVD",
"id": "CNVD-2020-17489"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014931"
},
{
"db": "NVD",
"id": "CVE-2019-5134"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-363"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "2960ec90-977e-4f7d-9bda-fb967cfc7e0e"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "c98f890f-b3bd-4d36-a82e-f40bd61b2aa7"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17489"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014931"
},
{
"date": "2020-03-11T22:27:40.177000",
"db": "NVD",
"id": "CVE-2019-5134"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-363"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17489"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014931"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-5134"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-363"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-363"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC200 and PFC100 Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014931"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-363"
}
],
"trust": 0.6
}
}
VAR-202310-0385
Vulnerability from variot - Updated: 2023-12-18 12:33On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected. WAGO The following vulnerabilities exist in multiple products provided by . * Externally controllable reference to another region resource (CWE-610) - CVE-2023-4089If the vulnerability is exploited, it may be affected as follows
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-0385",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "touch panel 600 advanced",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "compact controller 100",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "19"
},
{
"model": "pfc200",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "pfc100",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "26"
},
{
"model": "touch panel 600 advanced",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "26"
},
{
"model": "touch panel 600 standard",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "compact controller 100",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "26"
},
{
"model": "edge controller",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "26"
},
{
"model": "pfc200",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "26"
},
{
"model": "touch panel 600 marine",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 marine",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "26"
},
{
"model": "pfc100",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "edge controller",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "18"
},
{
"model": "touch panel 600 standard",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "26"
},
{
"model": "edge controller",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 advanced",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 standard",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "compact controller cc100",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 marine",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc100",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007590"
},
{
"db": "NVD",
"id": "CVE-2023-4089"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "26",
"versionStartIncluding": "19",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "26",
"versionStartIncluding": "18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "26",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "26",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "26",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "26",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "26",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-4089"
}
]
},
"cve": "CVE-2023-4089",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 2.7,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2023-007590",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2023-4089",
"trust": 1.0,
"value": "LOW"
},
{
"author": "OTHER",
"id": "JVNDB-2023-007590",
"trust": 0.8,
"value": "Low"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007590"
},
{
"db": "NVD",
"id": "CVE-2023-4089"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected. WAGO The following vulnerabilities exist in multiple products provided by . * Externally controllable reference to another region resource (CWE-610) - CVE-2023-4089If the vulnerability is exploited, it may be affected as follows",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-4089"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-007590"
},
{
"db": "VULMON",
"id": "CVE-2023-4089"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-4089",
"trust": 2.7
},
{
"db": "CERT@VDE",
"id": "VDE-2023-046",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU96020889",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-325-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-007590",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-4089",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-4089"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-007590"
},
{
"db": "NVD",
"id": "CVE-2023-4089"
}
]
},
"id": "VAR-202310-0385",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.65716723
},
"last_update_date": "2023-12-18T12:33:31.559000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WAGO\u00a0Global\u00a0|\u00a0Reliable\u00a0Solutions\u00a0for\u00a0Many\u00a0Sectors\u00a0and\u00a0Industories",
"trust": 0.8,
"url": "https://www.wago.com/global/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007590"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-610",
"trust": 1.0
},
{
"problemtype": "Externally controllable reference to another region resource (CWE-610) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007590"
},
{
"db": "NVD",
"id": "CVE-2023-4089"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://cert.vde.com/en/advisories/vde-2023-046/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96020889/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4089"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-01"
},
{
"trust": 0.8,
"url": "https://cert.vde.com/de/advisories/vde-2023-046/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/610.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-4089"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-007590"
},
{
"db": "NVD",
"id": "CVE-2023-4089"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-4089"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-007590"
},
{
"db": "NVD",
"id": "CVE-2023-4089"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-4089"
},
{
"date": "2023-11-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-007590"
},
{
"date": "2023-10-17T07:15:10.090000",
"db": "NVD",
"id": "CVE-2023-4089"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-4089"
},
{
"date": "2023-11-24T04:24:00",
"db": "JVNDB",
"id": "JVNDB-2023-007590"
},
{
"date": "2023-10-24T18:00:38.507000",
"db": "NVD",
"id": "CVE-2023-4089"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Vulnerability of external controllable references to other domain resources in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007590"
}
],
"trust": 0.8
}
}
VAR-201912-0777
Vulnerability from variot - Updated: 2023-12-18 12:27An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
WAGO PFC200 has an access control error vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0777",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "03.00.3912"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "03.00.3912"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": null
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": null
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "03.01.0713"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "NVD",
"id": "CVE-2019-5078"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5078"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5078",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5078",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46399",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5078",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5078",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-46399",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-733",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "NVD",
"id": "CVE-2019-5078"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial of service vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has an access control error vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5078"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5078",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0870",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-46399",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "IVD",
"id": "188ECB88-1B7C-4AB4-9617-D7DD2D2084B8",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "NVD",
"id": "CVE-2019-5078"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
]
},
"id": "VAR-201912-0777",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
}
],
"trust": 1.427393145
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
}
]
},
"last_update_date": "2023-12-18T12:27:49.101000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "NVD",
"id": "CVE-2019-5078"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0870"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5078"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0870"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5078"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "NVD",
"id": "CVE-2019-5078"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "NVD",
"id": "CVE-2019-5078"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"date": "2019-12-18T21:15:14.083000",
"db": "NVD",
"id": "CVE-2019-5078"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"date": "2019-12-27T19:26:39.717000",
"db": "NVD",
"id": "CVE-2019-5078"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC200 Access Control Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
],
"trust": 0.8
}
}
VAR-201912-0772
Vulnerability from variot - Updated: 2023-12-18 12:27An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware contains an information disclosure vulnerability.Information may be obtained. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
WAGO PFC200 has an information disclosure vulnerability. The vulnerability stems from configuration errors during the operation of the network system or product. An attacker could use this vulnerability to obtain sensitive information about the affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0772",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "NVD",
"id": "CVE-2019-5073"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5073"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5073",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-5073",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46397",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-5073",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5073",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-46397",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-735",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "NVD",
"id": "CVE-2019-5073"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable information exposure vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware contains an information disclosure vulnerability.Information may be obtained. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has an information disclosure vulnerability. The vulnerability stems from configuration errors during the operation of the network system or product. An attacker could use this vulnerability to obtain sensitive information about the affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5073"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5073",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0862",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-46397",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-735",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "47152",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "32CFF3E1-62C7-4B0D-9C9D-F140EBBC5A6F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "NVD",
"id": "CVE-2019-5073"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
]
},
"id": "VAR-201912-0772",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
}
],
"trust": 1.427393145
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
}
]
},
"last_update_date": "2023-12-18T12:27:49.250000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO PFC 200 and WAGO PFC100 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=106023"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "NVD",
"id": "CVE-2019-5073"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0862"
},
{
"trust": 1.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0862"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5073"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5073"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47152"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "NVD",
"id": "CVE-2019-5073"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "NVD",
"id": "CVE-2019-5073"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"date": "2019-12-18T21:15:13.897000",
"db": "NVD",
"id": "CVE-2019-5073"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"date": "2019-12-27T19:57:03.017000",
"db": "NVD",
"id": "CVE-2019-5073"
},
{
"date": "2020-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC200 Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
],
"trust": 0.6
}
}
VAR-201912-0780
Vulnerability from variot - Updated: 2023-12-18 12:27An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
WAGO PFC200 has a buffer overflow vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0780",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "NVD",
"id": "CVE-2019-5081"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5081"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5081",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-5081",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46394",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5081",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5081",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-46394",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-745",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "NVD",
"id": "CVE-2019-5081"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service \u0027\u0027I/O-Chec\u0027\u0027 functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has a buffer overflow vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5081"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5081",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0873",
"trust": 3.0
},
{
"db": "TALOS",
"id": "TALOS-2019-0874",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2019-46394",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "C6438B63-D1BB-46D1-9B83-34F99FD9E90B",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "NVD",
"id": "CVE-2019-5081"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
]
},
"id": "VAR-201912-0780",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
}
],
"trust": 1.427393145
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
}
]
},
"last_update_date": "2023-12-18T12:27:49.338000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO PFC 200 and PFC100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105557"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-120",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "NVD",
"id": "CVE-2019-5081"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0873"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0873"
},
{
"trust": 1.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0874"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5081"
},
{
"trust": 1.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0874"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5081"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "NVD",
"id": "CVE-2019-5081"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "NVD",
"id": "CVE-2019-5081"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"date": "2019-12-18T20:15:16.917000",
"db": "NVD",
"id": "CVE-2019-5081"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-5081"
},
{
"date": "2021-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 and PFC100 Classic buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
],
"trust": 0.8
}
}
VAR-201912-0773
Vulnerability from variot - Updated: 2023-12-18 12:27An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a stack buffer overflow, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 The firmware contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO.
A buffer overflow vulnerability exists in the I / O-Check function in WAGO PFC 200. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0773",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 0.8,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 0.8,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "20003.01.07(13)"
},
{
"model": "pfc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "20003.00.39(12)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03549"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013796"
},
{
"db": "NVD",
"id": "CVE-2019-5074"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5074"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-747"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5074",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-5074",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-03549",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5074",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5074",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-03549",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-747",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03549"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013796"
},
{
"db": "NVD",
"id": "CVE-2019-5074"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-747"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable stack buffer overflow vulnerability exists in the iocheckd service \u0027\u0027I/O-Check\u0027\u0027 functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a stack buffer overflow, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 The firmware contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO. \n\r\n\r\nA buffer overflow vulnerability exists in the I / O-Check function in WAGO PFC 200. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5074"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013796"
},
{
"db": "CNVD",
"id": "CNVD-2020-03549"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2019-0863",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-5074",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013796",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-03549",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-747",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03549"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013796"
},
{
"db": "NVD",
"id": "CVE-2019-5074"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-747"
}
]
},
"id": "VAR-201912-0773",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03549"
}
],
"trust": 1.2865298959999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03549"
}
]
},
"last_update_date": "2023-12-18T12:27:49.311000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO PFC 200 and WAGO PFC100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=106024"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013796"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-747"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-120",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013796"
},
{
"db": "NVD",
"id": "CVE-2019-5074"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0863"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5074"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0863"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5074"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03549"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013796"
},
{
"db": "NVD",
"id": "CVE-2019-5074"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-747"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03549"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013796"
},
{
"db": "NVD",
"id": "CVE-2019-5074"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-747"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03549"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013796"
},
{
"date": "2019-12-18T20:15:16.760000",
"db": "NVD",
"id": "CVE-2019-5074"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-747"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03549"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013796"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-5074"
},
{
"date": "2021-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-747"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-747"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 and PFC100 Classic buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013796"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-747"
}
],
"trust": 0.6
}
}
VAR-201912-0776
Vulnerability from variot - Updated: 2023-12-18 12:27An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
WAGO PFC200 has an access control error vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0776",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "fbcc5c8e-3d0e-4695-9bb3-6ceae21897be"
},
{
"db": "CNVD",
"id": "CNVD-2019-46396"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013792"
},
{
"db": "NVD",
"id": "CVE-2019-5077"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5077"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-737"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5077",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 8.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5077",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46396",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "fbcc5c8e-3d0e-4695-9bb3-6ceae21897be",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5077",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5077",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-46396",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-737",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "fbcc5c8e-3d0e-4695-9bb3-6ceae21897be",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "fbcc5c8e-3d0e-4695-9bb3-6ceae21897be"
},
{
"db": "CNVD",
"id": "CNVD-2019-46396"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013792"
},
{
"db": "NVD",
"id": "CVE-2019-5077"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-737"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial-of-service vulnerability exists in the iocheckd service \u2018\u2019I/O-Chec\u2019\u2019 functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has an access control error vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013792"
},
{
"db": "CNVD",
"id": "CNVD-2019-46396"
},
{
"db": "IVD",
"id": "fbcc5c8e-3d0e-4695-9bb3-6ceae21897be"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5077",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0869",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-46396",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-737",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013792",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "47154",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "FBCC5C8E-3D0E-4695-9BB3-6CEAE21897BE",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "fbcc5c8e-3d0e-4695-9bb3-6ceae21897be"
},
{
"db": "CNVD",
"id": "CNVD-2019-46396"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013792"
},
{
"db": "NVD",
"id": "CVE-2019-5077"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-737"
}
]
},
"id": "VAR-201912-0776",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "fbcc5c8e-3d0e-4695-9bb3-6ceae21897be"
},
{
"db": "CNVD",
"id": "CNVD-2019-46396"
}
],
"trust": 1.427393145
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "fbcc5c8e-3d0e-4695-9bb3-6ceae21897be"
},
{
"db": "CNVD",
"id": "CNVD-2019-46396"
}
]
},
"last_update_date": "2023-12-18T12:27:49.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013792"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013792"
},
{
"db": "NVD",
"id": "CVE-2019-5077"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0869"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0869"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5077"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5077"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47154"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46396"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013792"
},
{
"db": "NVD",
"id": "CVE-2019-5077"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-737"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "fbcc5c8e-3d0e-4695-9bb3-6ceae21897be"
},
{
"db": "CNVD",
"id": "CNVD-2019-46396"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013792"
},
{
"db": "NVD",
"id": "CVE-2019-5077"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-737"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "IVD",
"id": "fbcc5c8e-3d0e-4695-9bb3-6ceae21897be"
},
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46396"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013792"
},
{
"date": "2019-12-18T20:15:16.837000",
"db": "NVD",
"id": "CVE-2019-5077"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-737"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46396"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013792"
},
{
"date": "2020-02-10T21:53:09.003000",
"db": "NVD",
"id": "CVE-2019-5077"
},
{
"date": "2020-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-737"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-737"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 and PFC100 Vulnerability related to lack of certification for critical functions in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013792"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "fbcc5c8e-3d0e-4695-9bb3-6ceae21897be"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-737"
}
],
"trust": 0.8
}
}
VAR-201912-0774
Vulnerability from variot - Updated: 2023-12-18 12:27An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service "I/O-Check" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
WAGO PFC200 has a buffer overflow vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0774",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "NVD",
"id": "CVE-2019-5075"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5075"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5075",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-5075",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46398",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "027060de-fc78-4359-ac1f-580c302f96c8",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5075",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5075",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-46398",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-734",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "NVD",
"id": "CVE-2019-5075"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service \"I/O-Check\" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has a buffer overflow vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5075"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5075",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0864",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-46398",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "47153",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "027060DE-FC78-4359-AC1F-580C302F96C8",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "NVD",
"id": "CVE-2019-5075"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
]
},
"id": "VAR-201912-0774",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
}
],
"trust": 1.427393145
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
}
]
},
"last_update_date": "2023-12-18T12:27:49.192000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO PFC 200 and WAGO PFC100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=106022"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "NVD",
"id": "CVE-2019-5075"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0864"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5075"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0864"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5075"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47153"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "NVD",
"id": "CVE-2019-5075"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "NVD",
"id": "CVE-2019-5075"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"date": "2019-12-18T21:15:14.007000",
"db": "NVD",
"id": "CVE-2019-5075"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-5075"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC200 Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
],
"trust": 0.8
}
}
VAR-201912-0779
Vulnerability from variot - Updated: 2023-12-18 12:27An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. WAGO PFC200 and WAGO PFC100 are both programmable logic controllers (PLCs) from the German company WAGO. Attackers can Exploitation of this vulnerability resulted in a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0779",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "NVD",
"id": "CVE-2019-5080"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5080"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5080",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5080",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46629",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5080",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5080",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-46629",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-742",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "NVD",
"id": "CVE-2019-5080"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial-of-service vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. WAGO PFC200 and WAGO PFC100 are both programmable logic controllers (PLCs) from the German company WAGO. Attackers can Exploitation of this vulnerability resulted in a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5080"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5080",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0872",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-46629",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-742",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47155",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "AC656BE7-CAA8-4D9A-BD23-A4A8AE420DA6",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "NVD",
"id": "CVE-2019-5080"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
}
]
},
"id": "VAR-201912-0779",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
}
],
"trust": 1.427393145
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
}
]
},
"last_update_date": "2023-12-18T12:27:49.162000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "NVD",
"id": "CVE-2019-5080"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0872"
},
{
"trust": 1.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0872"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5080"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5080"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47155"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "NVD",
"id": "CVE-2019-5080"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "NVD",
"id": "CVE-2019-5080"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-24T00:00:00",
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"date": "2019-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"date": "2020-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"date": "2019-12-18T21:15:14.240000",
"db": "NVD",
"id": "CVE-2019-5080"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"date": "2020-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"date": "2019-12-27T15:37:59.187000",
"db": "NVD",
"id": "CVE-2019-5080"
},
{
"date": "2020-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 and PFC100 Vulnerability related to lack of certification for critical functions in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
}
],
"trust": 0.8
}
}
VAR-202001-0422
Vulnerability from variot - Updated: 2023-12-18 12:27An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) from the German company WAGO.
There is a buffer overflow vulnerability in the 'I / O-Check' function in WAGO PFC200 and PFC100. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0422",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 0.8,
"vendor": "wago",
"version": "03.01.07(12)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "NVD",
"id": "CVE-2019-5082"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5082"
}
]
},
"cve": "CVE-2019-5082",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-5082",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-03737",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5082",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5082",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-03737",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-915",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "NVD",
"id": "CVE-2019-5082"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-915"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) from the German company WAGO. \n\r\n\r\nThere is a buffer overflow vulnerability in the \u0027I / O-Check\u0027 function in WAGO PFC200 and PFC100. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5082"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "CNVD",
"id": "CNVD-2020-03737"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5082",
"trust": 3.0
},
{
"db": "TALOS",
"id": "TALOS-2019-0874",
"trust": 2.4
},
{
"db": "CERT@VDE",
"id": "VDE-2019-022",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-03737",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-915",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "NVD",
"id": "CVE-2019-5082"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-915"
}
]
},
"id": "VAR-202001-0422",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
}
],
"trust": 1.2571672299999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
}
]
},
"last_update_date": "2023-12-18T12:27:49.222000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "Patch for WAGO PFC 200 \u0027I / O-Check\u0027 Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/199035"
},
{
"title": "WAGO PFC200 and PFC100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=106686"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-915"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "NVD",
"id": "CVE-2019-5082"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0874"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5082"
},
{
"trust": 1.2,
"url": "https://cert.vde.com/de-de/advisories/vde-2019-022"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5082"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "NVD",
"id": "CVE-2019-5082"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-915"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "NVD",
"id": "CVE-2019-5082"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-915"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"date": "2020-01-08T17:15:11.837000",
"db": "NVD",
"id": "CVE-2019-5082"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-915"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"date": "2020-01-22T16:01:32.820000",
"db": "NVD",
"id": "CVE-2019-5082"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-915"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 and PFC100 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-915"
}
],
"trust": 0.6
}
}
VAR-201912-0778
Vulnerability from variot - Updated: 2023-12-18 12:27An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 The firmware contains an out-of-bounds write vulnerability for a critical function.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
WAGO PFC200 has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "NVD",
"id": "CVE-2019-5079"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc_100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5079"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5079",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-5079",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46395",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "370be516-5627-47d6-9e74-a8561eee7d4d",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5079",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5079",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-46395",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-739",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "NVD",
"id": "CVE-2019-5079"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 The firmware contains an out-of-bounds write vulnerability for a critical function.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5079"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5079",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0871",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-46395",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "IVD",
"id": "370BE516-5627-47D6-9E74-A8561EEE7D4D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "NVD",
"id": "CVE-2019-5079"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
]
},
"id": "VAR-201912-0778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
}
],
"trust": 1.427393145
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
}
]
},
"last_update_date": "2023-12-18T12:27:49.132000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO PFC 200 and WAGO PFC100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105556"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "NVD",
"id": "CVE-2019-5079"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0871"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5079"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0871"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5079"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "NVD",
"id": "CVE-2019-5079"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "NVD",
"id": "CVE-2019-5079"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"date": "2020-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"date": "2019-12-18T21:15:14.163000",
"db": "NVD",
"id": "CVE-2019-5079"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"date": "2020-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"date": "2019-12-27T16:11:47.903000",
"db": "NVD",
"id": "CVE-2019-5079"
},
{
"date": "2020-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 and PFC100 Firmware out-of-bounds vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
],
"trust": 0.8
}
}
VAR-202301-1424
Vulnerability from variot - Updated: 2023-12-18 12:15The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull. plural WAGO The product contains a lack of authentication vulnerability for critical functionality.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1424",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cc100",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 advanced",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "pfc100",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "edge controller",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 standard",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "pfc200",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "edge controller",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 standard",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 marine",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "cc100",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "pfc100",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 advanced",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 marine",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 standard",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "pfc100",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "touch panel 600 advanced",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "compact controller cc100",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "edge controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "touch panel 600 marine",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001947"
},
{
"db": "NVD",
"id": "CVE-2022-3738"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:cc100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:cc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3738"
}
]
},
"cve": "CVE-2022-3738",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-3738",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-3738",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-3738",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1507",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001947"
},
{
"db": "NVD",
"id": "CVE-2022-3738"
},
{
"db": "NVD",
"id": "CVE-2022-3738"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1507"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull. plural WAGO The product contains a lack of authentication vulnerability for critical functionality.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001947"
},
{
"db": "VULMON",
"id": "CVE-2022-3738"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-3738",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2022-054",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001947",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1507",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-3738",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-3738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001947"
},
{
"db": "NVD",
"id": "CVE-2022-3738"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1507"
}
]
},
"id": "VAR-202301-1424",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.65716723
},
"last_update_date": "2023-12-18T12:15:03.973000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222117"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-3738 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-3738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001947"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1507"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001947"
},
{
"db": "NVD",
"id": "CVE-2022-3738"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert.vde.com/en/advisories/vde-2022-054/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3738"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-3738/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-3738"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-3738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001947"
},
{
"db": "NVD",
"id": "CVE-2022-3738"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1507"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-3738"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001947"
},
{
"db": "NVD",
"id": "CVE-2022-3738"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1507"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-3738"
},
{
"date": "2023-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-001947"
},
{
"date": "2023-01-19T12:15:11.213000",
"db": "NVD",
"id": "CVE-2022-3738"
},
{
"date": "2023-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1507"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-3738"
},
{
"date": "2023-05-25T06:27:00",
"db": "JVNDB",
"id": "JVNDB-2023-001947"
},
{
"date": "2023-11-07T10:15:07.787000",
"db": "NVD",
"id": "CVE-2022-3738"
},
{
"date": "2023-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1507"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1507"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Vulnerability related to lack of authentication for critical functions in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001947"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1507"
}
],
"trust": 0.6
}
}
VAR-202302-1898
Vulnerability from variot - Updated: 2023-12-18 12:14The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. 751-9301 firmware, 752-8303/8000-002 firmware, PFC100 firmware etc. WAGO The product contains a lack of authentication vulnerability for critical functionality.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1898",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "752-8303\\/8000-002",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 standard",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 standard",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "751-9301",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 marine",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 marine",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 marine",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 advanced",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 standard",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "751-9301",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "752-8303\\/8000-002",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "751-9301",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "pfc100",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "751-9301",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "752-8303\\/8000-002",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "18"
},
{
"model": "752-8303\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 standard",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc100",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 marine",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 advanced",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "751-9301",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 marine",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc100",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 standard",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "752-8303/8000-002",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019558"
},
{
"db": "NVD",
"id": "CVE-2022-45140"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:751-9301_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:751-9301_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:751-9301_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:751-9301:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:752-8303\\/8000-002:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45140"
}
]
},
"cve": "CVE-2022-45140",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-019558",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2022-45140",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2022-019558",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-2111",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019558"
},
{
"db": "NVD",
"id": "CVE-2022-45140"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2111"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. 751-9301 firmware, 752-8303/8000-002 firmware, PFC100 firmware etc. WAGO The product contains a lack of authentication vulnerability for critical functionality.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45140"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019558"
},
{
"db": "VULMON",
"id": "CVE-2022-45140"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-45140",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2022-060",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019558",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2111",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-45140",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45140"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019558"
},
{
"db": "NVD",
"id": "CVE-2022-45140"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2111"
}
]
},
"id": "VAR-202302-1898",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.65716723
},
"last_update_date": "2023-12-18T12:14:57.163000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple WAGO product Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226883"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2111"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019558"
},
{
"db": "NVD",
"id": "CVE-2022-45140"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert.vde.com/en/advisories/vde-2022-060/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-45140"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-45140/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45140"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019558"
},
{
"db": "NVD",
"id": "CVE-2022-45140"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2111"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-45140"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019558"
},
{
"db": "NVD",
"id": "CVE-2022-45140"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2111"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45140"
},
{
"date": "2023-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019558"
},
{
"date": "2023-02-27T15:15:11.503000",
"db": "NVD",
"id": "CVE-2022-45140"
},
{
"date": "2023-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2111"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45140"
},
{
"date": "2023-10-26T05:43:00",
"db": "JVNDB",
"id": "JVNDB-2022-019558"
},
{
"date": "2023-03-07T21:49:30.787000",
"db": "NVD",
"id": "CVE-2022-45140"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2111"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2111"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Vulnerability related to lack of authentication for critical functions in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019558"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2111"
}
],
"trust": 0.6
}
}
VAR-202302-1897
Vulnerability from variot - Updated: 2023-12-18 12:14A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality. 751-9301 firmware, 752-8303/8000-002 firmware, PFC100 firmware etc. WAGO The product contains a same-origin policy violation vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1897",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "752-8303\\/8000-002",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 standard",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 standard",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "751-9301",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 marine",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 marine",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 marine",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 advanced",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 standard",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "751-9301",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "752-8303\\/8000-002",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "751-9301",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "pfc100",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "751-9301",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "752-8303\\/8000-002",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "18"
},
{
"model": "752-8303\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 standard",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc100",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 marine",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 advanced",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "751-9301",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 marine",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc100",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 standard",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "752-8303/8000-002",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019559"
},
{
"db": "NVD",
"id": "CVE-2022-45139"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:751-9301_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:751-9301_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:751-9301_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:751-9301:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:752-8303\\/8000-002:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45139"
}
]
},
"cve": "CVE-2022-45139",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2022-019559",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2022-45139",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2022-019559",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-2113",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019559"
},
{
"db": "NVD",
"id": "CVE-2022-45139"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2113"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality. 751-9301 firmware, 752-8303/8000-002 firmware, PFC100 firmware etc. WAGO The product contains a same-origin policy violation vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45139"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019559"
},
{
"db": "VULMON",
"id": "CVE-2022-45139"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-45139",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2022-060",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019559",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2113",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-45139",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45139"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019559"
},
{
"db": "NVD",
"id": "CVE-2022-45139"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2113"
}
]
},
"id": "VAR-202302-1897",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.65716723
},
"last_update_date": "2023-12-18T12:14:57.139000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WAGO Repair measures for access control error vulnerabilities of various products of the company",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226885"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2113"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-346",
"trust": 1.0
},
{
"problemtype": "Same-origin policy violation (CWE-346) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019559"
},
{
"db": "NVD",
"id": "CVE-2022-45139"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert.vde.com/en/advisories/vde-2022-060/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-45139"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-45139/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/346.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45139"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019559"
},
{
"db": "NVD",
"id": "CVE-2022-45139"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2113"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-45139"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019559"
},
{
"db": "NVD",
"id": "CVE-2022-45139"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2113"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45139"
},
{
"date": "2023-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019559"
},
{
"date": "2023-02-27T15:15:11.407000",
"db": "NVD",
"id": "CVE-2022-45139"
},
{
"date": "2023-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2113"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45139"
},
{
"date": "2023-10-26T05:45:00",
"db": "JVNDB",
"id": "JVNDB-2022-019559"
},
{
"date": "2023-03-07T22:54:57.223000",
"db": "NVD",
"id": "CVE-2022-45139"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2113"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2113"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Same Origin Policy Violation Vulnerability in Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019559"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2113"
}
],
"trust": 0.6
}
}
VAR-202302-1896
Vulnerability from variot - Updated: 2023-12-18 12:14The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability. 751-9301 firmware, 752-8303/8000-002 firmware, PFC100 firmware etc. WAGO A cross-site scripting vulnerability exists in the product.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1896",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "752-8303\\/8000-002",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 standard",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 standard",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "751-9301",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 marine",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 marine",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 marine",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 advanced",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 standard",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "751-9301",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "752-8303\\/8000-002",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "751-9301",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "pfc100",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "751-9301",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "752-8303\\/8000-002",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "18"
},
{
"model": "752-8303\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 standard",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc100",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 marine",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 advanced",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "751-9301",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 marine",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc100",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 standard",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "752-8303/8000-002",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019562"
},
{
"db": "NVD",
"id": "CVE-2022-45137"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:751-9301_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:751-9301_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:751-9301_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:751-9301:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:752-8303\\/8000-002:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45137"
}
]
},
"cve": "CVE-2022-45137",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2022-019562",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2022-45137",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2022-019562",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-2139",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019562"
},
{
"db": "NVD",
"id": "CVE-2022-45137"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2139"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability. 751-9301 firmware, 752-8303/8000-002 firmware, PFC100 firmware etc. WAGO A cross-site scripting vulnerability exists in the product.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45137"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019562"
},
{
"db": "VULMON",
"id": "CVE-2022-45137"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-45137",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2022-060",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019562",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2139",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-45137",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45137"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019562"
},
{
"db": "NVD",
"id": "CVE-2022-45137"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2139"
}
]
},
"id": "VAR-202302-1896",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.65716723
},
"last_update_date": "2023-12-18T12:14:57.187000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple WAGO product Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226904"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2139"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019562"
},
{
"db": "NVD",
"id": "CVE-2022-45137"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert.vde.com/en/advisories/vde-2022-060/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-45137"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-45137/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45137"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019562"
},
{
"db": "NVD",
"id": "CVE-2022-45137"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2139"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-45137"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019562"
},
{
"db": "NVD",
"id": "CVE-2022-45137"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2139"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45137"
},
{
"date": "2023-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019562"
},
{
"date": "2023-02-27T15:15:11.203000",
"db": "NVD",
"id": "CVE-2022-45137"
},
{
"date": "2023-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2139"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45137"
},
{
"date": "2023-10-26T05:49:00",
"db": "JVNDB",
"id": "JVNDB-2022-019562"
},
{
"date": "2023-03-08T15:20:05.963000",
"db": "NVD",
"id": "CVE-2022-45137"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2139"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2139"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Cross-site scripting vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019562"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2139"
}
],
"trust": 0.6
}
}
VAR-202302-1899
Vulnerability from variot - Updated: 2023-12-18 12:14The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device. 751-9301 firmware, 752-8303/8000-002 firmware, PFC100 firmware etc. WAGO The product contains a lack of authentication vulnerability for critical functionality.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1899",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "752-8303\\/8000-002",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 standard",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 standard",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "751-9301",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 marine",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 marine",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 marine",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 advanced",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 standard",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "751-9301",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "752-8303\\/8000-002",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "751-9301",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "pfc100",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "751-9301",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "752-8303\\/8000-002",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "18"
},
{
"model": "752-8303\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "touch panel 600 standard",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "22"
},
{
"model": "pfc100",
"scope": "gte",
"trust": 1.0,
"vendor": "wago",
"version": "16"
},
{
"model": "touch panel 600 marine",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "23"
},
{
"model": "touch panel 600 advanced",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "751-9301",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 marine",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc100",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "touch panel 600 standard",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "752-8303/8000-002",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019560"
},
{
"db": "NVD",
"id": "CVE-2022-45138"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:751-9301_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:751-9301_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:751-9301_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:751-9301:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:752-8303\\/8000-002:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45138"
}
]
},
"cve": "CVE-2022-45138",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-019560",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2022-45138",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2022-019560",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-2138",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019560"
},
{
"db": "NVD",
"id": "CVE-2022-45138"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2138"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device. 751-9301 firmware, 752-8303/8000-002 firmware, PFC100 firmware etc. WAGO The product contains a lack of authentication vulnerability for critical functionality.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45138"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019560"
},
{
"db": "VULMON",
"id": "CVE-2022-45138"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-45138",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2022-060",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019560",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2138",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-45138",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45138"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019560"
},
{
"db": "NVD",
"id": "CVE-2022-45138"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2138"
}
]
},
"id": "VAR-202302-1899",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.65716723
},
"last_update_date": "2023-12-18T12:14:57.218000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple WAGO product Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226903"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2138"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019560"
},
{
"db": "NVD",
"id": "CVE-2022-45138"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert.vde.com/en/advisories/vde-2022-060/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-45138"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-45138/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45138"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019560"
},
{
"db": "NVD",
"id": "CVE-2022-45138"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2138"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-45138"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019560"
},
{
"db": "NVD",
"id": "CVE-2022-45138"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2138"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45138"
},
{
"date": "2023-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019560"
},
{
"date": "2023-02-27T15:15:11.317000",
"db": "NVD",
"id": "CVE-2022-45138"
},
{
"date": "2023-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2138"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45138"
},
{
"date": "2023-10-26T05:47:00",
"db": "JVNDB",
"id": "JVNDB-2022-019560"
},
{
"date": "2023-03-07T22:54:12.070000",
"db": "NVD",
"id": "CVE-2022-45138"
},
{
"date": "2023-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2138"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2138"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Vulnerability related to lack of authentication for critical functions in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019560"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2138"
}
],
"trust": 0.6
}
}
VAR-202003-0676
Vulnerability from variot - Updated: 2023-12-18 11:58The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14). WAGO PFC100 and PFC2000 Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. WAGO PFC100 is a programmable logic controller (PLC) of German WAGO company.
WAGO PFC100 has a source management error vulnerability, which can be exploited by attackers to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0676",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 0.8,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc100",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc100",
"version": "03.01.07(13)"
}
],
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "NVD",
"id": "CVE-2019-5149"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5149"
}
]
},
"cve": "CVE-2019-5149",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014879",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17496",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5149",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014879",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5149",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014879",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17496",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-365",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-5149",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"db": "VULMON",
"id": "CVE-2019-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "NVD",
"id": "CVE-2019-5149"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-365"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14). WAGO PFC100 and PFC2000 Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. WAGO PFC100 is a programmable logic controller (PLC) of German WAGO company. \n\r\n\r\nWAGO PFC100 has a source management error vulnerability, which can be exploited by attackers to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "VULMON",
"id": "CVE-2019-5149"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5149",
"trust": 3.5
},
{
"db": "TALOS",
"id": "TALOS-2019-0939",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2020-17496",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-365",
"trust": 1.0
},
{
"db": "TALOS",
"id": "TALOS-2019-0953",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879",
"trust": 0.8
},
{
"db": "IVD",
"id": "8C3A524C-6B85-4B7F-A3BE-1A8890B51501",
"trust": 0.2
},
{
"db": "IVD",
"id": "ABE4FF05-654D-43A6-8D55-B27E00DB4977",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-5149",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"db": "VULMON",
"id": "CVE-2019-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "NVD",
"id": "CVE-2019-5149"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-365"
}
]
},
"id": "VAR-202003-0676",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
}
],
"trust": 1.65716723
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
}
]
},
"last_update_date": "2023-12-18T11:58:38.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "NVD",
"id": "CVE-2019-5149"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0939"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5149"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5149"
},
{
"trust": 0.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0953"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"db": "VULMON",
"id": "CVE-2019-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "NVD",
"id": "CVE-2019-5149"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-365"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"db": "VULMON",
"id": "CVE-2019-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "NVD",
"id": "CVE-2019-5149"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-365"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"date": "2020-03-11T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5149"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"date": "2020-03-11T22:27:40.583000",
"db": "NVD",
"id": "CVE-2019-5149"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-365"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"date": "2020-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5149"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"date": "2020-03-13T21:33:11.957000",
"db": "NVD",
"id": "CVE-2019-5149"
},
{
"date": "2020-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-365"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-365"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC100 Resource Management Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-365"
}
],
"trust": 1.0
}
}
CVE-2023-4089 (GCVE-0-2023-4089)
Vulnerability from cvelistv5 – Published: 2023-10-17 06:00 – Updated: 2025-02-27 20:40
VLAI?
Title
WAGO: Multiple products vulnerable to local file inclusion
Summary
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
Severity ?
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 |
Affected:
FW19 , ≤ FW26
(semver)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Floris Hendriks and Jeroen Wijenbergh from Radboud University
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:11.155380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:40:32.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW19",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW18",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Floris Hendriks and Jeroen Wijenbergh from Radboud University"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
}
],
"value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T06:00:28.908Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
}
],
"source": {
"advisory": "VDE-2023-046",
"defect": [
"CERT@VDE#64532"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Multiple products vulnerable to local file inclusion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-4089",
"datePublished": "2023-10-17T06:00:28.908Z",
"dateReserved": "2023-08-02T07:20:35.600Z",
"dateUpdated": "2025-02-27T20:40:32.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1698 (GCVE-0-2023-1698)
Vulnerability from cvelistv5 – Published: 2023-05-15 08:51 – Updated: 2025-01-23 19:13
VLAI?
Title
WAGO: WBM Command Injection in multiple products
Summary
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 |
Affected:
FW20 , ≤ FW22
(semver)
Affected: FW23 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Quentin Kaiser from ONEKEY
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T19:12:48.907770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T19:13:09.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW20",
"versionType": "semver"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW20",
"versionType": "semver"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW20",
"versionType": "semver"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Quentin Kaiser from ONEKEY"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
}
],
"value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T08:51:27.453Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
}
],
"source": {
"advisory": "VDE-2023-007",
"defect": [
"CERT@VDE#64422"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: WBM Command Injection in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1698",
"datePublished": "2023-05-15T08:51:27.453Z",
"dateReserved": "2023-03-29T13:00:05.618Z",
"dateUpdated": "2025-01-23T19:13:09.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4089 (GCVE-0-2023-4089)
Vulnerability from nvd – Published: 2023-10-17 06:00 – Updated: 2025-02-27 20:40
VLAI?
Title
WAGO: Multiple products vulnerable to local file inclusion
Summary
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
Severity ?
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 |
Affected:
FW19 , ≤ FW26
(semver)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Floris Hendriks and Jeroen Wijenbergh from Radboud University
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:11.155380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:40:32.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW19",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW18",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW26",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Floris Hendriks and Jeroen Wijenbergh from Radboud University"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
}
],
"value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T06:00:28.908Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
}
],
"source": {
"advisory": "VDE-2023-046",
"defect": [
"CERT@VDE#64532"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Multiple products vulnerable to local file inclusion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-4089",
"datePublished": "2023-10-17T06:00:28.908Z",
"dateReserved": "2023-08-02T07:20:35.600Z",
"dateUpdated": "2025-02-27T20:40:32.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1698 (GCVE-0-2023-1698)
Vulnerability from nvd – Published: 2023-05-15 08:51 – Updated: 2025-01-23 19:13
VLAI?
Title
WAGO: WBM Command Injection in multiple products
Summary
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Compact Controller CC100 |
Affected:
FW20 , ≤ FW22
(semver)
Affected: FW23 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Quentin Kaiser from ONEKEY
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T19:12:48.907770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T19:13:09.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact Controller CC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW20",
"versionType": "semver"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW20",
"versionType": "semver"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW20",
"versionType": "semver"
},
{
"status": "affected",
"version": "FW23"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Advanced Line",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Marine Line",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Touch Panel 600 Standard Line",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "FW22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Quentin Kaiser from ONEKEY"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
}
],
"value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T08:51:27.453Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
}
],
"source": {
"advisory": "VDE-2023-007",
"defect": [
"CERT@VDE#64422"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: WBM Command Injection in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1698",
"datePublished": "2023-05-15T08:51:27.453Z",
"dateReserved": "2023-03-29T13:00:05.618Z",
"dateUpdated": "2025-01-23T19:13:09.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}