Search
Find a vulnerability
Search criteria
8 vulnerabilities found for 750-832\/000-002_firmware by wago
CVE-2023-1620 (GCVE-0-2023-1620)
Vulnerability from nvd – Published: 2023-06-26 06:19 – Updated: 2024-11-12 14:11
VLAI
Title
WAGO: DoS in multiple products in multiple versions using Codesys
Summary
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2023-006/ | vendor-advisory |
Impacted products
29 products
| Vendor | Product | Version | |
|---|---|---|---|
| Wago | 750-8202/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8203/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8204/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8206/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8207/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8208/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8210/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8211/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8212/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8213/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8214/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8216/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8217/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-823 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-332 |
Affected:
FW1 , ≤ FW6
(custom)
|
|
| Wago | 750-832/xxx-xxx |
Affected:
FW1 , ≤ FW6
(custom)
|
|
| Wago | 750-862 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-890/xxx-xxx |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-891 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-893 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-331 |
Affected:
FW1 , ≤ FW14
(custom)
|
|
| Wago | 750-829 |
Affected:
FW1 , ≤ FW14
(custom)
|
|
| Wago | 750-831/xxx-xxx |
Affected:
FW1 , ≤ FW14
(custom)
|
|
| Wago | 750-852 |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-880/xxx-xxx |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-881 |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-882 |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-885/xxx-xxx |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-889 |
Affected:
FW1 , ≤ FW16
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:30:42.286955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:11:36.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "750-8202/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8203/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8204/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8206/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8207/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8208/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8210/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8211/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8212/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8213/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8214/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8216/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8217/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-823",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-332",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-832/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-862",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-890/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-891",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-893",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-331",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-829",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-831/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-852",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-880/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-881",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-882",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-885/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-889",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel dos Santos from Forescout"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdelrahman Hassanien from Forescout"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime."
}
],
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1288",
"description": "CWE-1288 Improper Validation of Consistency within Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:28:51.078Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"source": {
"advisory": "VDE-2023-006",
"defect": [
"CERT@VDE#64417"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: DoS in multiple products in multiple versions using Codesys",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1620",
"datePublished": "2023-06-26T06:19:30.928Z",
"dateReserved": "2023-03-24T10:12:26.426Z",
"dateUpdated": "2024-11-12T14:11:36.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1619 (GCVE-0-2023-1619)
Vulnerability from nvd – Published: 2023-06-26 06:18 – Updated: 2024-10-02 05:28
VLAI
Title
WAGO: DoS in multiple versions of multiple products
Summary
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
Severity
4.9 (Medium)
CWE
- CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2023-006/ | vendor-advisory |
Impacted products
29 products
| Vendor | Product | Version | |
|---|---|---|---|
| Wago | 750-8202/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8203/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8204/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8206/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8207/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8208/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8210/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8211/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8212/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8213/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8214/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8216/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8217/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-823 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-332 |
Affected:
FW1 , ≤ FW6
(custom)
|
|
| Wago | 750-832/xxx-xxx |
Affected:
FW1 , ≤ FW6
(custom)
|
|
| Wago | 750-862 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-890/xxx-xxx |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-891 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-893 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-331 |
Affected:
FW1 , ≤ FW14
(custom)
|
|
| Wago | 750-829 |
Affected:
FW1 , ≤ FW14
(custom)
|
|
| Wago | 750-831/xxx-xxx |
Affected:
FW1 , ≤ FW14
(custom)
|
|
| Wago | 750-852 |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-880/xxx-xxx |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-881 |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-882 |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-885/xxx-xxx |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-889 |
Affected:
FW1 , ≤ FW16
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "750-8202/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8203/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8204/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8206/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8207/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8208/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8210/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8211/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8212/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8213/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8214/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8216/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8217/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-823",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-332",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-832/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-862",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-890/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-891",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-893",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-331",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-829",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-831/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-852",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-880/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-881",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-882",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-885/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-889",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel dos Santos from Forescout"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdelrahman Hassanien from Forescout"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet."
}
],
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1288",
"description": "CWE-1288 Improper Validation of Consistency within Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:28:23.250Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"source": {
"advisory": "VDE-2023-006",
"defect": [
"CERT@VDE#64417"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: DoS in multiple versions of multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1619",
"datePublished": "2023-06-26T06:18:33.981Z",
"dateReserved": "2023-03-24T10:12:25.218Z",
"dateUpdated": "2024-10-02T05:28:23.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1150 (GCVE-0-2023-1150)
Vulnerability from nvd – Published: 2023-06-26 06:19 – Updated: 2024-12-05 19:07
VLAI
Title
WAGO: Series 750-3x/-8x prone to MODBUS server DoS
Summary
Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
1 reference
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | 750-332 |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-362/xxx-xxx |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-363/xxx-xxx |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-364/xxx-xxx |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-365/xxx-xxx |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-823 |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-832/xxx-xxx |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-862 |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-890/xxx-xxx |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-891 |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-893 |
Affected:
0 , ≤ FW10
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:57.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T19:06:44.632463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T19:07:34.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "750-332",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-362/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-363/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-364/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-365/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-823",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-832/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-862",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-890/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-891",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-893",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Roman Ezhov from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets."
}
],
"value": "Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:26:51.589Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-005/"
}
],
"source": {
"advisory": "VDE-2023-005",
"defect": [
"CERT@VDE#64392"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Series 750-3x/-8x prone to MODBUS server DoS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1150",
"datePublished": "2023-06-26T06:19:53.942Z",
"dateReserved": "2023-03-02T05:38:38.812Z",
"dateUpdated": "2024-12-05T19:07:34.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34578 (GCVE-0-2021-34578)
Vulnerability from nvd – Published: 2021-08-31 10:33 – Updated: 2024-09-16 18:33
VLAI
Title
WAGO: Authentication Vulnerability in Web-Based Management
Summary
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
Severity
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en-us/advisories/vde-2020-044 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | PLC |
Affected:
750-362 , ≤ FW07
(custom)
Affected: 750-363 , ≤ FW07 (custom) Affected: 750-823 , ≤ FW07 (custom) Affected: 750-832/xxx-xxx , ≤ FW07 (custom) Affected: 750-862 , ≤ FW07 (custom) Affected: 750-891 , ≤ FW07 (custom) Affected: 750-890/xxx-xxx , ≤ FW07 (custom) Affected: 750-893 , ≤ FW07 (custom) |
Date Public
2021-08-31 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PLC",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-362",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-363",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-823",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-832/xxx-xxx",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-862",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-891",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-890/xxx-xxx",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-893",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO. CERT@VDE coordinated."
}
],
"datePublic": "2021-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T10:33:01.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-044"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the device to the latest FW version."
}
],
"source": {
"advisory": "VDE-2020-044",
"discovery": "EXTERNAL"
},
"title": "WAGO: Authentication Vulnerability in Web-Based Management",
"workarounds": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T07:00:00.000Z",
"ID": "CVE-2021-34578",
"STATE": "PUBLIC",
"TITLE": "WAGO: Authentication Vulnerability in Web-Based Management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PLC",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "750-362",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-363",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-823",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-832/xxx-xxx",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-862",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-891",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-890/xxx-xxx",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-893",
"version_value": "FW07"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-044",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-044"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the device to the latest FW version."
}
],
"source": {
"advisory": "VDE-2020-044",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34578",
"datePublished": "2021-08-31T10:33:01.868Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:33:25.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1150 (GCVE-0-2023-1150)
Vulnerability from cvelistv5 – Published: 2023-06-26 06:19 – Updated: 2024-12-05 19:07
VLAI
Title
WAGO: Series 750-3x/-8x prone to MODBUS server DoS
Summary
Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
1 reference
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | 750-332 |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-362/xxx-xxx |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-363/xxx-xxx |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-364/xxx-xxx |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-365/xxx-xxx |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-823 |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-832/xxx-xxx |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-862 |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-890/xxx-xxx |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-891 |
Affected:
0 , ≤ FW10
(semver)
|
|
| WAGO | 750-893 |
Affected:
0 , ≤ FW10
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:57.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T19:06:44.632463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T19:07:34.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "750-332",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-362/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-363/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-364/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-365/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-823",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-832/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-862",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-890/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-891",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-893",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Roman Ezhov from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets."
}
],
"value": "Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:26:51.589Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-005/"
}
],
"source": {
"advisory": "VDE-2023-005",
"defect": [
"CERT@VDE#64392"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Series 750-3x/-8x prone to MODBUS server DoS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1150",
"datePublished": "2023-06-26T06:19:53.942Z",
"dateReserved": "2023-03-02T05:38:38.812Z",
"dateUpdated": "2024-12-05T19:07:34.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1620 (GCVE-0-2023-1620)
Vulnerability from cvelistv5 – Published: 2023-06-26 06:19 – Updated: 2024-11-12 14:11
VLAI
Title
WAGO: DoS in multiple products in multiple versions using Codesys
Summary
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2023-006/ | vendor-advisory |
Impacted products
29 products
| Vendor | Product | Version | |
|---|---|---|---|
| Wago | 750-8202/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8203/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8204/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8206/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8207/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8208/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8210/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8211/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8212/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8213/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8214/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8216/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8217/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-823 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-332 |
Affected:
FW1 , ≤ FW6
(custom)
|
|
| Wago | 750-832/xxx-xxx |
Affected:
FW1 , ≤ FW6
(custom)
|
|
| Wago | 750-862 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-890/xxx-xxx |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-891 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-893 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-331 |
Affected:
FW1 , ≤ FW14
(custom)
|
|
| Wago | 750-829 |
Affected:
FW1 , ≤ FW14
(custom)
|
|
| Wago | 750-831/xxx-xxx |
Affected:
FW1 , ≤ FW14
(custom)
|
|
| Wago | 750-852 |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-880/xxx-xxx |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-881 |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-882 |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-885/xxx-xxx |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-889 |
Affected:
FW1 , ≤ FW16
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:30:42.286955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:11:36.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "750-8202/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8203/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8204/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8206/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8207/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8208/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8210/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8211/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8212/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8213/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8214/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8216/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8217/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-823",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-332",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-832/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-862",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-890/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-891",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-893",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-331",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-829",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-831/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-852",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-880/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-881",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-882",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-885/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-889",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel dos Santos from Forescout"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdelrahman Hassanien from Forescout"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime."
}
],
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1288",
"description": "CWE-1288 Improper Validation of Consistency within Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:28:51.078Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"source": {
"advisory": "VDE-2023-006",
"defect": [
"CERT@VDE#64417"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: DoS in multiple products in multiple versions using Codesys",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1620",
"datePublished": "2023-06-26T06:19:30.928Z",
"dateReserved": "2023-03-24T10:12:26.426Z",
"dateUpdated": "2024-11-12T14:11:36.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1619 (GCVE-0-2023-1619)
Vulnerability from cvelistv5 – Published: 2023-06-26 06:18 – Updated: 2024-10-02 05:28
VLAI
Title
WAGO: DoS in multiple versions of multiple products
Summary
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
Severity
4.9 (Medium)
CWE
- CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2023-006/ | vendor-advisory |
Impacted products
29 products
| Vendor | Product | Version | |
|---|---|---|---|
| Wago | 750-8202/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8203/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8204/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8206/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8207/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8208/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8210/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8211/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8212/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8213/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8214/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8216/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-8217/xxx-xxx |
Affected:
FW1 , ≤ FW22 SP1
(custom)
|
|
| Wago | 750-823 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-332 |
Affected:
FW1 , ≤ FW6
(custom)
|
|
| Wago | 750-832/xxx-xxx |
Affected:
FW1 , ≤ FW6
(custom)
|
|
| Wago | 750-862 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-890/xxx-xxx |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-891 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-893 |
Affected:
FW1 , ≤ FW10
(custom)
|
|
| Wago | 750-331 |
Affected:
FW1 , ≤ FW14
(custom)
|
|
| Wago | 750-829 |
Affected:
FW1 , ≤ FW14
(custom)
|
|
| Wago | 750-831/xxx-xxx |
Affected:
FW1 , ≤ FW14
(custom)
|
|
| Wago | 750-852 |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-880/xxx-xxx |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-881 |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-882 |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-885/xxx-xxx |
Affected:
FW1 , ≤ FW16
(custom)
|
|
| Wago | 750-889 |
Affected:
FW1 , ≤ FW16
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "750-8202/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8203/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8204/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8206/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8207/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8208/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8210/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8211/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8212/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8213/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8214/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8216/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-8217/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW22 SP1",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-823",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-332",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-832/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW6",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-862",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-890/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-891",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-893",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW10",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-331",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-829",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-831/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-852",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-880/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-881",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-882",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-885/xxx-xxx",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "750-889",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "FW16",
"status": "affected",
"version": "FW1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel dos Santos from Forescout"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdelrahman Hassanien from Forescout"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet."
}
],
"value": "Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1288",
"description": "CWE-1288 Improper Validation of Consistency within Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:28:23.250Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-006/"
}
],
"source": {
"advisory": "VDE-2023-006",
"defect": [
"CERT@VDE#64417"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: DoS in multiple versions of multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1619",
"datePublished": "2023-06-26T06:18:33.981Z",
"dateReserved": "2023-03-24T10:12:25.218Z",
"dateUpdated": "2024-10-02T05:28:23.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34578 (GCVE-0-2021-34578)
Vulnerability from cvelistv5 – Published: 2021-08-31 10:33 – Updated: 2024-09-16 18:33
VLAI
Title
WAGO: Authentication Vulnerability in Web-Based Management
Summary
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
Severity
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en-us/advisories/vde-2020-044 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | PLC |
Affected:
750-362 , ≤ FW07
(custom)
Affected: 750-363 , ≤ FW07 (custom) Affected: 750-823 , ≤ FW07 (custom) Affected: 750-832/xxx-xxx , ≤ FW07 (custom) Affected: 750-862 , ≤ FW07 (custom) Affected: 750-891 , ≤ FW07 (custom) Affected: 750-890/xxx-xxx , ≤ FW07 (custom) Affected: 750-893 , ≤ FW07 (custom) |
Date Public
2021-08-31 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PLC",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-362",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-363",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-823",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-832/xxx-xxx",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-862",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-891",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-890/xxx-xxx",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-893",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO. CERT@VDE coordinated."
}
],
"datePublic": "2021-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T10:33:01.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-044"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the device to the latest FW version."
}
],
"source": {
"advisory": "VDE-2020-044",
"discovery": "EXTERNAL"
},
"title": "WAGO: Authentication Vulnerability in Web-Based Management",
"workarounds": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T07:00:00.000Z",
"ID": "CVE-2021-34578",
"STATE": "PUBLIC",
"TITLE": "WAGO: Authentication Vulnerability in Web-Based Management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PLC",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "750-362",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-363",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-823",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-832/xxx-xxx",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-862",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-891",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-890/xxx-xxx",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-893",
"version_value": "FW07"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-044",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-044"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the device to the latest FW version."
}
],
"source": {
"advisory": "VDE-2020-044",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34578",
"datePublished": "2021-08-31T10:33:01.868Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:33:25.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}