Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Ethernet Controller 3rd Generation by WAGO

    CVE-2018-25090 (GCVE-0-2018-25090)

    Vulnerability from nvd – Published: 2024-03-13 08:32 – Updated: 2024-08-05 15:22
    VLAI
    Title
    Wago: Improper Neutralization of Input During Web Page Generation in multiple devices
    Summary
    An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact of confidentiality and integrity but no impact of availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:33:48.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-039/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25090",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T15:21:55.909544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:22:05.933Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Controller BACnet/IP",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Controller BACnet MS/TP",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ethernet Controller 3rd Generation",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ethernet Controller 3rd Generation",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Fieldbus Coupler Ethernet 3rd Generation",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required.\u0026nbsp;This leads to a limited impact of confidentiality and integrity but no impact of availability."
                }
              ],
              "value": "An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required.\u00a0This leads to a limited impact of confidentiality and integrity but no impact of availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-13T08:32:17.180Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-039",
            "defect": [
              "CERT@VDE#64546"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wago: Improper Neutralization of Input During Web Page Generation in multiple devices",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2018-25090",
        "datePublished": "2024-03-13T08:32:17.180Z",
        "dateReserved": "2023-09-14T13:00:21.075Z",
        "dateUpdated": "2024-08-05T15:22:05.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-10123 (GCVE-0-2015-10123)

    Vulnerability from nvd – Published: 2024-03-13 08:31 – Updated: 2024-10-23 09:40
    VLAI
    Title
    Wago: Buffer Copy without Checking Size of Input in wbm of multiple products
    Summary
    An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WAGO Controller BACnet/IP Affected: 0 , ≤ FW13 (custom)
    Create a notification for this product.
    WAGO Controller BACnet MS/TP Affected: 0 , ≤ FW13 (custom)
    Create a notification for this product.
    WAGO Ethernet Controller 3rd Generation Affected: 0 , ≤ FW13 (custom)
    Create a notification for this product.
    WAGO Fieldbus Coupler Ethernet 3rd Generation Affected: 0 , ≤ FW13 (custom)
    Create a notification for this product.
    wago 750-352_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-352_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-831_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-829_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-852_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-880_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-881_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-882_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-885_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-889_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-884_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-884_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:58:26.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-039/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-352_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-352_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-831_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-829_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-852_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-880_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-881_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-882_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-885_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-889_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-884_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-884_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2015-10123",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T18:34:04.204030Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:37:09.871Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Controller BACnet/IP",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Controller BACnet MS/TP",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ethernet Controller 3rd Generation",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ethernet Controller 3rd Generation",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Fieldbus Coupler Ethernet 3rd Generation",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device.\u003cbr\u003e"
                }
              ],
              "value": "An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T09:40:12.408Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-039",
            "defect": [
              "CERT@VDE#64546"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wago: Buffer Copy without Checking Size of Input in wbm of multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2015-10123",
        "datePublished": "2024-03-13T08:31:55.341Z",
        "dateReserved": "2023-09-14T13:00:03.904Z",
        "dateUpdated": "2024-10-23T09:40:12.408Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-25090 (GCVE-0-2018-25090)

    Vulnerability from cvelistv5 – Published: 2024-03-13 08:32 – Updated: 2024-08-05 15:22
    VLAI
    Title
    Wago: Improper Neutralization of Input During Web Page Generation in multiple devices
    Summary
    An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact of confidentiality and integrity but no impact of availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:33:48.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-039/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25090",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T15:21:55.909544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:22:05.933Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Controller BACnet/IP",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Controller BACnet MS/TP",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ethernet Controller 3rd Generation",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ethernet Controller 3rd Generation",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Fieldbus Coupler Ethernet 3rd Generation",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required.\u0026nbsp;This leads to a limited impact of confidentiality and integrity but no impact of availability."
                }
              ],
              "value": "An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required.\u00a0This leads to a limited impact of confidentiality and integrity but no impact of availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-13T08:32:17.180Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-039",
            "defect": [
              "CERT@VDE#64546"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wago: Improper Neutralization of Input During Web Page Generation in multiple devices",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2018-25090",
        "datePublished": "2024-03-13T08:32:17.180Z",
        "dateReserved": "2023-09-14T13:00:21.075Z",
        "dateUpdated": "2024-08-05T15:22:05.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-10123 (GCVE-0-2015-10123)

    Vulnerability from cvelistv5 – Published: 2024-03-13 08:31 – Updated: 2024-10-23 09:40
    VLAI
    Title
    Wago: Buffer Copy without Checking Size of Input in wbm of multiple products
    Summary
    An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WAGO Controller BACnet/IP Affected: 0 , ≤ FW13 (custom)
    Create a notification for this product.
    WAGO Controller BACnet MS/TP Affected: 0 , ≤ FW13 (custom)
    Create a notification for this product.
    WAGO Ethernet Controller 3rd Generation Affected: 0 , ≤ FW13 (custom)
    Create a notification for this product.
    WAGO Fieldbus Coupler Ethernet 3rd Generation Affected: 0 , ≤ FW13 (custom)
    Create a notification for this product.
    wago 750-352_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-352_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-831_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-829_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-852_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-880_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-881_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-882_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-885_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-889_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    wago 750-884_firmware Affected: 0 , ≤ FW13 (semver)
        cpe:2.3:o:wago:750-884_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:58:26.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-039/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-352_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-352_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-831_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-829_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-852_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-880_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-881_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-882_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-885_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-889_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wago:750-884_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "750-884_firmware",
                "vendor": "wago",
                "versions": [
                  {
                    "lessThanOrEqual": "FW13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2015-10123",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T18:34:04.204030Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:37:09.871Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Controller BACnet/IP",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Controller BACnet MS/TP",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ethernet Controller 3rd Generation",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ethernet Controller 3rd Generation",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Fieldbus Coupler Ethernet 3rd Generation",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device.\u003cbr\u003e"
                }
              ],
              "value": "An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T09:40:12.408Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-039",
            "defect": [
              "CERT@VDE#64546"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wago: Buffer Copy without Checking Size of Input in wbm of multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2015-10123",
        "datePublished": "2024-03-13T08:31:55.341Z",
        "dateReserved": "2023-09-14T13:00:03.904Z",
        "dateUpdated": "2024-10-23T09:40:12.408Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }