    80 vulnerabilities found for pfc200_firmware by wago

    CVE-2023-3379 (GCVE-0-2023-3379)

    Vulnerability from nvd – Published: 2023-11-20 07:23 – Updated: 2024-10-02 05:34
    VLAI
    Title
    WAGO: Improper Privilege Management in web-based management
    Summary
    Wago web-based management of multiple products has a vulnerability which allows a local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Credits
    Panagiotis Bellonias from Secura

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.365Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-015/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller 100 (751-9301)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100 (750-810x/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22 Patch 1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200 (750-820x/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200 (750-821x/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22 Patch 1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line (762-5xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line (762-6xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line (762-4xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller (752-8303/8000-002)",
              "vendor": "Wago",
              "versions": [
                {
                  "lessThanOrEqual": "FW25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Panagiotis Bellonias from Secura"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker  to change the passwords of other non-admin users and thus to escalate non-root privileges."
                }
              ],
              "value": "Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker  to change the passwords of other non-admin users and thus to escalate non-root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T05:34:25.860Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-015/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-015",
            "defect": [
              "CERT@VDE#64549"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "WAGO: Improper Privilege Management in web-based management",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-3379",
        "datePublished": "2023-11-20T07:23:41.887Z",
        "dateReserved": "2023-06-23T09:01:09.552Z",
        "dateUpdated": "2024-10-02T05:34:25.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4089 (GCVE-0-2023-4089)

    Vulnerability from nvd – Published: 2023-10-17 06:00 – Updated: 2025-02-27 20:40
    VLAI
    Title
    WAGO: Multiple products vulnerable to local file inclusion
    Summary
    On affected Wago products a remote attacker with administrative privileges can, through an undocumented local file inclusion, access files to which they already have access. This access is logged in a different log file than expected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
    Assigner
    References
    Impacted products
    Credits
    Floris Hendriks and Jeroen Wijenbergh from Radboud University

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:17:11.728Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4089",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:49:11.155380Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:40:32.064Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller CC100",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW19",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW18",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks and Jeroen Wijenbergh from Radboud University"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
                }
              ],
              "value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-610",
                  "description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-17T06:00:28.908Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-046",
            "defect": [
              "CERT@VDE#64532"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "WAGO: Multiple products vulnerable to local file inclusion",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-4089",
        "datePublished": "2023-10-17T06:00:28.908Z",
        "dateReserved": "2023-08-02T07:20:35.600Z",
        "dateUpdated": "2025-02-27T20:40:32.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1698 (GCVE-0-2023-1698)

    Vulnerability from nvd – Published: 2023-05-15 08:51 – Updated: 2025-01-23 19:13
    Title
    WAGO: WBM Command Injection in multiple products
    Summary
    In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Credits
    Quentin Kaiser from ONEKEY

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:24.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1698",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:12:48.907770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:13:09.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller CC100",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller",
              "vendor": "WAGO",
              "versions": [
                {
                  "status": "affected",
                  "version": "FW22"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "status": "affected",
                  "version": "FW22"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "status": "affected",
                  "version": "FW22"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "status": "affected",
                  "version": "FW22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Quentin Kaiser from ONEKEY"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
                }
              ],
              "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-15T08:51:27.453Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-007",
            "defect": [
              "CERT@VDE#64422"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "WAGO: WBM Command Injection in multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-1698",
        "datePublished": "2023-05-15T08:51:27.453Z",
        "dateReserved": "2023-03-29T13:00:05.618Z",
        "dateUpdated": "2025-01-23T19:13:09.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45140 (GCVE-0-2022-45140)

    Vulnerability from nvd – Published: 2023-02-27 14:36 – Updated: 2025-03-10 17:46
    VLAI
    Title
    WAGO: Missing Authentication for Critical Function
    Summary
    The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    WAGO Compact Controller CC100 (751-9301) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Edge Controller (752-8303/8000-002) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC100 (750-81xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC200 (750-82xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Advanced Line (762-5xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Marine Line (762-6xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Standard Line (762-4xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    Credits
    Ryan Pickren of Georgia Institute of Technology's Cyber-Physical Security Lab

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:55.436Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-10T17:46:43.476712Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-10T17:46:52.078Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller CC100 (751-9301)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller (752-8303/8000-002)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100 (750-81xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200 (750-82xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line (762-5xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line (762-6xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line (762-4xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise."
                }
              ],
              "value": "The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-27T14:36:39.448Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64160"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "WAGO: Missing Authentication for Critical Function ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-45140",
        "datePublished": "2023-02-27T14:36:39.448Z",
        "dateReserved": "2022-11-10T09:46:59.080Z",
        "dateUpdated": "2025-03-10T17:46:52.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45139 (GCVE-0-2022-45139)

    Vulnerability from nvd – Published: 2023-02-27 14:36 – Updated: 2025-03-10 17:46
    VLAI
    Title
    WAGO: Origin validation error through CORS misconfiguration
    Summary
    A CORS misconfiguration in the web-based management allows a malicious third-party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138, this could lead to disclosure of device information such as CPU diagnostics. Because only a limited amount of information is readable, the impact affects only a small subset of confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    References
    Impacted products
    Vendor Product Version
    WAGO Compact Controller CC100 (751-9301) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Edge Controller (752-8303/8000-002) Affected: FW18 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC100 (750-81xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC200 (750-82xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Advanced Line (762-5xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Marine Line (762-6xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Standard Line (762-4xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    Credits
    Ryan Pickren of Georgia Institute of Technology's Cyber-Physical Security Lab

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:55.406Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-10T17:45:54.261351Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-10T17:46:16.888Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller CC100 (751-9301)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller (752-8303/8000-002)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW18",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100 (750-81xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200 (750-82xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line (762-5xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line (762-6xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line (762-4xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality."
                }
              ],
              "value": "A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-27T14:36:32.016Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64160"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "WAGO: Origin validation error through CORS misconfiguration",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-45139",
        "datePublished": "2023-02-27T14:36:32.016Z",
        "dateReserved": "2022-11-10T09:46:59.080Z",
        "dateUpdated": "2025-03-10T17:46:16.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45138 (GCVE-0-2022-45138)

    Vulnerability from nvd – Published: 2023-02-27 14:36 – Updated: 2025-03-10 17:20
    VLAI
    Title
    WAGO: Missing Authentication for Critical Function
    Summary
    The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    WAGO Compact Controller CC100 (751-9301) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Edge Controller (752-8303/8000-002) Affected: FW18 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC100 (750-81xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC200 (750-82xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Advanced Line (762-5xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Marine Line (762-6xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Standard Line (762-4xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    Credits
    Ryan Pickren of Georgia Institute of Technology's Cyber-Physical Security Lab

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:55.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-10T17:20:33.215201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-10T17:20:50.798Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller CC100 (751-9301)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller (752-8303/8000-002)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW18",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100 (750-81xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200 (750-82xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line (762-5xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line (762-6xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line (762-4xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device."
                }
              ],
              "value": "The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-27T14:36:20.474Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64160"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "WAGO: Missing Authentication for Critical Function",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-45138",
        "datePublished": "2023-02-27T14:36:20.474Z",
        "dateReserved": "2022-11-10T09:46:59.079Z",
        "dateUpdated": "2025-03-10T17:20:50.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45137 (GCVE-0-2022-45137)

    Vulnerability from nvd – Published: 2023-02-27 14:36 – Updated: 2024-08-03 14:09
    VLAI
    Title
    WAGO: Reflective Cross-Site Scripting
    Summary
    The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that target the user's browser. This leads to a limited impact on confidentiality and integrity but no impact on availability.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WAGO Compact Controller CC100 (751-9301) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Edge Controller (752-8303/8000-002) Affected: FW18 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC100 (750-81xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC200 (750-82xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Advanced Line (762-5xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Marine Line (762-6xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Standard Line (762-4xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    Credits
    Ryan Pickren of Georgia Institute of Technology's Cyber-Physical Security Lab

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:56.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller CC100 (751-9301)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller (752-8303/8000-002)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW18",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100 (750-81xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200 (750-82xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line (762-5xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line (762-6xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line (762-4xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability."
                }
              ],
              "value": "The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-27T14:36:03.411Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64160"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "WAGO: Reflective Cross-Site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-45137",
        "datePublished": "2023-02-27T14:36:03.411Z",
        "dateReserved": "2022-11-10T09:46:59.079Z",
        "dateUpdated": "2024-08-03T14:09:56.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3738 (GCVE-0-2022-3738)

    Vulnerability from nvd – Published: 2023-01-19 11:27 – Updated: 2025-04-02 14:55
    VLAI
    Title
    WAGO: Missing authentication for config export functionality in multiple products
    Summary
    The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successful.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Date Public
    2023-01-12 08:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:20:57.784Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-054/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T14:55:30.723734Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T14:55:51.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Series WAGO PFC100",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Series WAGO PFC200",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Series WAGO Touch Panel 600 Advanced Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Series WAGO Touch Panel 600 Marine Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Series WAGO Touch Panel 600 Standard Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WAGO Compact Controller CC100",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WAGO Edge Controller",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-01-12T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T09:43:18.629Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-054/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-054",
            "defect": [
              "CERT@VDE#64273"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "WAGO: Missing authentication for config export functionality in multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-3738",
        "datePublished": "2023-01-19T11:27:51.814Z",
        "dateReserved": "2022-10-28T07:18:40.653Z",
        "dateUpdated": "2025-04-02T14:55:51.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6090 (GCVE-0-2020-6090)

    Vulnerability from nvd – Published: 2020-06-11 13:27 – Updated: 2024-08-04 08:47
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Wago Affected: WAGO PFC 200 03.03.10(15)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:41.006Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1010"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wago",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "WAGO PFC 200 03.03.10(15)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-11T13:27:20.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1010"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2020-6090",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wago",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WAGO PFC 200 03.03.10(15)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1010",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1010"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2020-6090",
        "datePublished": "2020-06-11T13:27:20.000Z",
        "dateReserved": "2020-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:41.006Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5186 (GCVE-0-2019-5186)

    Vulnerability from nvd – Published: 2020-03-23 13:19 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=<contents of interface element> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len("/etc/config-tools/config_interfaces interface=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash.
    Severity
    No CVSS data available.
    CWE
    • stack buffer
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Wago Affected: WAGO PFC200 Firmware version 03.02.02(14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.736Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wago",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "WAGO PFC200 Firmware version 03.02.02(14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=\u003ccontents of interface element\u003e using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len(\"/etc/config-tools/config_interfaces interface=\") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stack buffer",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T13:19:22.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2019-5186",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wago",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WAGO PFC200 Firmware version 03.02.02(14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=\u003ccontents of interface element\u003e using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len(\"/etc/config-tools/config_interfaces interface=\") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stack buffer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2019-5186",
        "datePublished": "2020-03-23T13:19:22.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.736Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5185 (GCVE-0-2019-5185)

    Vulnerability from nvd – Published: 2020-03-23 13:22 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len("/etc/config-tools/config_interfaces interface=X1 state=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. A state value of length 0x3c9 will cause the service to crash.
    Severity
    No CVSS data available.
    CWE
    • stack buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Wago Affected: WAGO PFC200 Firmware version 03.02.02(14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.813Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wago",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "WAGO PFC200 Firmware version 03.02.02(14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=\u003ccontents of state node\u003e using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len(\"/etc/config-tools/config_interfaces interface=X1 state=\") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An state value of length 0x3c9 will cause the service to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stack buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T13:22:52.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2019-5185",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wago",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WAGO PFC200 Firmware version 03.02.02(14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=\u003ccontents of state node\u003e using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len(\"/etc/config-tools/config_interfaces interface=X1 state=\") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An state value of length 0x3c9 will cause the service to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stack buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2019-5185",
        "datePublished": "2020-03-23T13:22:52.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5184 (GCVE-0-2019-5184)

    Vulnerability from nvd – Published: 2020-03-23 13:22 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file.
    Severity
    No CVSS data available.
    CWE
    • double-free
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Wago Affected: WAGO PFC200 Firmware version 03.02.02(14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.819Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0965"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wago",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "WAGO PFC200 Firmware version 03.02.02(14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable double free vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "double-free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T13:22:45.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0965"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2019-5184",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wago",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WAGO PFC200 Firmware version 03.02.02(14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable double free vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "double-free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0965",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0965"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2019-5184",
        "datePublished": "2020-03-23T13:22:45.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5181 (GCVE-0-2019-5181)

    Vulnerability from nvd – Published: 2020-03-11 23:31 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=’) in length. A subnetmask value of length 0x3d9 will cause the service to crash.
    Severity
    No CVSS data available.
    CWE
    • stack buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wago WAGO PFC200 Affected: Firmware version 03.02.02(14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.662Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WAGO PFC200",
              "vendor": "Wago",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware version 03.02.02(14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(\u2018/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=\u2018) in length. A subnetmask value of length 0x3d9 will cause the service to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stack buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-11T23:31:09.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2019-5181",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WAGO PFC200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Firmware version 03.02.02(14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Wago"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(\u2018/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=\u2018) in length. A subnetmask value of length 0x3d9 will cause the service to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stack buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2019-5181",
        "datePublished": "2020-03-11T23:31:09.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5180 (GCVE-0-2019-5180)

    Vulnerability from nvd – Published: 2020-03-11 23:30 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any ip values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=’) in length. An ip value of length 0x3da will cause the service to crash.
    Severity
    No CVSS data available.
    CWE
    • stack buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wago WAGO PFC200 Affected: Firmware version 03.02.02(14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WAGO PFC200",
              "vendor": "Wago",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware version 03.02.02(14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any ip values that are greater than 1024-len(\u2018/etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=\u2018) in length. A ip value of length 0x3da will cause the service to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stack buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-11T23:30:46.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2019-5180",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WAGO PFC200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Firmware version 03.02.02(14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Wago"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any ip values that are greater than 1024-len(\u2018/etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=\u2018) in length. A ip value of length 0x3da will cause the service to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stack buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2019-5180",
        "datePublished": "2020-03-11T23:30:46.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5179 (GCVE-0-2019-5179)

    Vulnerability from nvd – Published: 2020-03-11 23:30 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.
    Severity
    No CVSS data available.
    CWE
    • stack buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wago WAGO PFC200 Affected: Firmware version 03.02.02(14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.795Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WAGO PFC200",
              "vendor": "Wago",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware version 03.02.02(14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stack buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-11T23:30:26.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2019-5179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WAGO PFC200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Firmware version 03.02.02(14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Wago"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stack buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2019-5179",
        "datePublished": "2020-03-11T23:30:26.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5178 (GCVE-0-2019-5178)

    Vulnerability from nvd – Published: 2020-03-11 23:25 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any hostname values that are greater than 1024-len(‘/etc/config-tools/change_hostname hostname=’) in length. A hostname value of length 0x3fd will cause the service to crash.
    Severity
    No CVSS data available.
    CWE
    • stack buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wago WAGO PFC200 Affected: Firmware version 03.02.02(14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.734Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WAGO PFC200",
              "vendor": "Wago",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware version 03.02.02(14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any hostname values that are greater than 1024-len(\u2018/etc/config-tools/change_hostname hostname=\u2018) in length. A hostname value of length 0x3fd will cause the service to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stack buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-11T23:25:15.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2019-5178",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WAGO PFC200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Firmware version 03.02.02(14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Wago"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any hostname values that are greater than 1024-len(\u2018/etc/config-tools/change_hostname hostname=\u2018) in length. A hostname value of length 0x3fd will cause the service to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stack buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2019-5178",
        "datePublished": "2020-03-11T23:25:15.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5177 (GCVE-0-2019-5177)

    Vulnerability from nvd – Published: 2020-03-11 23:25 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len(‘/etc/config-tools/edit_dns_server domain-name=’) in length. A domainname value of length 0x3fa will cause the service to crash.
    Severity
    No CVSS data available.
    CWE
    • stack buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wago WAGO PFC200 Affected: Firmware version 03.02.02(14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WAGO PFC200",
              "vendor": "Wago",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware version 03.02.02(14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len(\u2018/etc/config-tools/edit_dns_server domain-name=\u2018) in length. A domainname value of length 0x3fa will cause the service to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stack buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-11T23:25:07.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2019-5177",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WAGO PFC200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Firmware version 03.02.02(14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Wago"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len(\u2018/etc/config-tools/edit_dns_server domain-name=\u2018) in length. A domainname value of length 0x3fa will cause the service to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stack buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2019-5177",
        "datePublished": "2020-03-11T23:25:07.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5176 (GCVE-0-2019-5176)

    Vulnerability from nvd – Published: 2020-03-11 23:24 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len(‘/etc/config-tools/config_default_gateway number=0 state=enabled value=’) in length. A gateway value of length 0x7e2 will cause the service to crash.
    Severity
    No CVSS data available.
    CWE
    • stack buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wago WAGO PFC200 Affected: Firmware version 03.02.02(14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.814Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WAGO PFC200",
              "vendor": "Wago",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware version 03.02.02(14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len(\u2018/etc/config-tools/config_default_gateway number=0 state=enabled value=\u2018) in length. A gateway value of length 0x7e2 will cause the service to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stack buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-11T23:24:58.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2019-5176",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WAGO PFC200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Firmware version 03.02.02(14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Wago"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len(\u2018/etc/config-tools/config_default_gateway number=0 state=enabled value=\u2018) in length. A gateway value of length 0x7e2 will cause the service to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stack buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2019-5176",
        "datePublished": "2020-03-11T23:24:58.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3379 (GCVE-0-2023-3379)

    Vulnerability from cvelistv5 – Published: 2023-11-20 07:23 – Updated: 2024-10-02 05:34
    VLAI
    Title
    WAGO: Improper Privilege Management in web-based management
    Summary
    Wago web-based management of multiple products has a vulnerability which allows a local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Credits
    Panagiotis Bellonias from Secura

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.365Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-015/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller 100 (751-9301)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100 (750-810x/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22 Patch 1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200 (750-820x/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200 (750-821x/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22 Patch 1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line (762-5xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line (762-6xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line (762-4xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller (752-8303/8000-002)",
              "vendor": "Wago",
              "versions": [
                {
                  "lessThanOrEqual": "FW25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Panagiotis Bellonias from Secura"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker  to change the passwords of other non-admin users and thus to escalate non-root privileges."
                }
              ],
              "value": "Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker  to change the passwords of other non-admin users and thus to escalate non-root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T05:34:25.860Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-015/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-015",
            "defect": [
              "CERT@VDE#64549"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "WAGO: Improper Privilege Management in web-based management",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-3379",
        "datePublished": "2023-11-20T07:23:41.887Z",
        "dateReserved": "2023-06-23T09:01:09.552Z",
        "dateUpdated": "2024-10-02T05:34:25.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4089 (GCVE-0-2023-4089)

    Vulnerability from cvelistv5 – Published: 2023-10-17 06:00 – Updated: 2025-02-27 20:40
    VLAI
    Title
    WAGO: Multiple products vulnerable to local file inclusion
    Summary
    On affected Wago products a remote attacker with administrative privileges can access files to which they already have access through an undocumented local file inclusion. This access is logged in a different log file than expected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
    Assigner
    References
    Impacted products
    Credits
    Floris Hendriks and Jeroen Wijenbergh from Radboud University

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:17:11.728Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4089",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:49:11.155380Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:40:32.064Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller CC100",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW19",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW18",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW26",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks and Jeroen Wijenbergh from Radboud University"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
                }
              ],
              "value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-610",
                  "description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-17T06:00:28.908Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-046",
            "defect": [
              "CERT@VDE#64532"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "WAGO: Multiple products vulnerable to local file inclusion",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-4089",
        "datePublished": "2023-10-17T06:00:28.908Z",
        "dateReserved": "2023-08-02T07:20:35.600Z",
        "dateUpdated": "2025-02-27T20:40:32.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1698 (GCVE-0-2023-1698)

    Vulnerability from cvelistv5 – Published: 2023-05-15 08:51 – Updated: 2025-01-23 19:13
    Title
    WAGO: WBM Command Injection in multiple products
    Summary
    In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Credits
    Quentin Kaiser from ONEKEY

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:24.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1698",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:12:48.907770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:13:09.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller CC100",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller",
              "vendor": "WAGO",
              "versions": [
                {
                  "status": "affected",
                  "version": "FW22"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "status": "affected",
                  "version": "FW22"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "status": "affected",
                  "version": "FW22"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "status": "affected",
                  "version": "FW22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Quentin Kaiser from ONEKEY"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
                }
              ],
              "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-15T08:51:27.453Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-007",
            "defect": [
              "CERT@VDE#64422"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "WAGO: WBM Command Injection in multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-1698",
        "datePublished": "2023-05-15T08:51:27.453Z",
        "dateReserved": "2023-03-29T13:00:05.618Z",
        "dateUpdated": "2025-01-23T19:13:09.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45140 (GCVE-0-2022-45140)

    Vulnerability from cvelistv5 – Published: 2023-02-27 14:36 – Updated: 2025-03-10 17:46
    VLAI
    Title
    WAGO: Missing Authentication for Critical Function
    Summary
    The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    WAGO Compact Controller CC100 (751-9301) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Edge Controller (752-8303/8000-002) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC100 (750-81xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC200 (750-82xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Advanced Line (762-5xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Marine Line (762-6xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Standard Line (762-4xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    Credits
    Ryan Pickren of Georgia Institute of Technology's Cyber-Physical Security Lab

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:55.436Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-10T17:46:43.476712Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-10T17:46:52.078Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller CC100 (751-9301)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller (752-8303/8000-002)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100 (750-81xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200 (750-82xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line (762-5xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line (762-6xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line (762-4xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise."
                }
              ],
              "value": "The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-27T14:36:39.448Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64160"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "WAGO: Missing Authentication for Critical Function ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-45140",
        "datePublished": "2023-02-27T14:36:39.448Z",
        "dateReserved": "2022-11-10T09:46:59.080Z",
        "dateUpdated": "2025-03-10T17:46:52.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45139 (GCVE-0-2022-45139)

    Vulnerability from cvelistv5 – Published: 2023-02-27 14:36 – Updated: 2025-03-10 17:46
    VLAI
    Title
    WAGO: Origin validation error through CORS misconfiguration
    Summary
    A CORS misconfiguration in the web-based management allows a malicious third-party web server to misuse all basic information pages on the web server. In combination with CVE-2022-45138, this could lead to disclosure of device information such as CPU diagnostics. Because only a limited amount of information is readable, the impact is confined to a small subset of confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    References
    Impacted products
    Vendor Product Version
    WAGO Compact Controller CC100 (751-9301) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Edge Controller (752-8303/8000-002) Affected: FW18 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC100 (750-81xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC200 (750-82xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Advanced Line (762-5xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Marine Line (762-6xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Standard Line (762-4xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    Credits
    Ryan Pickren of Georgia Institute of Technology's Cyber-Physical Security Lab

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:55.406Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-10T17:45:54.261351Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-10T17:46:16.888Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller CC100 (751-9301)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller (752-8303/8000-002)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW18",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100 (750-81xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200 (750-82xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line (762-5xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line (762-6xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line (762-4xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality."
                }
              ],
              "value": "A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-27T14:36:32.016Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64160"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "WAGO: Origin validation error through CORS misconfiguration",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-45139",
        "datePublished": "2023-02-27T14:36:32.016Z",
        "dateReserved": "2022-11-10T09:46:59.080Z",
        "dateUpdated": "2025-03-10T17:46:16.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45138 (GCVE-0-2022-45138)

    Vulnerability from cvelistv5 – Published: 2023-02-27 14:36 – Updated: 2025-03-10 17:20
    VLAI
    Title
    WAGO: Missing Authentication for Critical Function
    Summary
    The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters, which can lead to full compromise of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    WAGO Compact Controller CC100 (751-9301) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Edge Controller (752-8303/8000-002) Affected: FW18 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC100 (750-81xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC200 (750-82xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Advanced Line (762-5xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Marine Line (762-6xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Standard Line (762-4xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    Credits
    Ryan Pickren of Georgia Institute of Technology's Cyber-Physical Security Lab

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:55.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-10T17:20:33.215201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-10T17:20:50.798Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller CC100 (751-9301)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller (752-8303/8000-002)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW18",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100 (750-81xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200 (750-82xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line (762-5xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line (762-6xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line (762-4xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device."
                }
              ],
              "value": "The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-27T14:36:20.474Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64160"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "WAGO: Missing Authentication for Critical Function",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-45138",
        "datePublished": "2023-02-27T14:36:20.474Z",
        "dateReserved": "2022-11-10T09:46:59.079Z",
        "dateUpdated": "2025-03-10T17:20:50.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45137 (GCVE-0-2022-45137)

    Vulnerability from cvelistv5 – Published: 2023-02-27 14:36 – Updated: 2024-08-03 14:09
    VLAI
    Title
    WAGO: Reflective Cross-Site Scripting
    Summary
    The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that target the user's browser. This has a limited impact on confidentiality and integrity but no impact on availability.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WAGO Compact Controller CC100 (751-9301) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Edge Controller (752-8303/8000-002) Affected: FW18 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC100 (750-81xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO PFC200 (750-82xx/xxx-xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Advanced Line (762-5xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Marine Line (762-6xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    WAGO Touch Panel 600 Standard Line (762-4xxx) Affected: FW16 , < FW22 (custom)
    Unaffected: FW22 Patch 1
    Affected: FW23
    Credits
    Ryan Pickren of Georgia Institute of Technology's Cyber-Physical Security Lab

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:56.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Compact Controller CC100 (751-9301)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Edge Controller (752-8303/8000-002)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW18",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC100 (750-81xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PFC200 (750-82xx/xxx-xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Advanced Line (762-5xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Marine Line (762-6xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touch Panel 600 Standard Line (762-4xxx)",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThan": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FW22 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "FW23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability."
                }
              ],
              "value": "The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-27T14:36:03.411Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64160"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "WAGO: Reflective Cross-Site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-45137",
        "datePublished": "2023-02-27T14:36:03.411Z",
        "dateReserved": "2022-11-10T09:46:59.079Z",
        "dateUpdated": "2024-08-03T14:09:56.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3738 (GCVE-0-2022-3738)

    Vulnerability from cvelistv5 – Published: 2023-01-19 11:27 – Updated: 2025-04-02 14:55
    VLAI
    Title
    WAGO: Missing authentication for config export functionality in multiple products
    Summary
    The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successful.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Date Public
    2023-01-12 08:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:20:57.784Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-054/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T14:55:30.723734Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T14:55:51.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Series WAGO PFC100",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Series WAGO PFC200",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Series WAGO Touch Panel 600 Advanced Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Series WAGO Touch Panel 600 Marine Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Series WAGO Touch Panel 600 Standard Line",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WAGO Compact Controller CC100",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WAGO Edge Controller",
              "vendor": "WAGO",
              "versions": [
                {
                  "lessThanOrEqual": "FW22",
                  "status": "affected",
                  "version": "FW16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-01-12T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T09:43:18.629Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-054/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-054",
            "defect": [
              "CERT@VDE#64273"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "WAGO: Missing authentication for config export functionality in multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-3738",
        "datePublished": "2023-01-19T11:27:51.814Z",
        "dateReserved": "2022-10-28T07:18:40.653Z",
        "dateUpdated": "2025-04-02T14:55:51.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6090 (GCVE-0-2020-6090)

    Vulnerability from cvelistv5 – Published: 2020-06-11 13:27 – Updated: 2024-08-04 08:47
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Wago Affected: WAGO PFC 200 03.03.10(15)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:41.006Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1010"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wago",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "WAGO PFC 200 03.03.10(15)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-11T13:27:20.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1010"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2020-6090",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wago",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WAGO PFC 200 03.03.10(15)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1010",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1010"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2020-6090",
        "datePublished": "2020-06-11T13:27:20.000Z",
        "dateReserved": "2020-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:41.006Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5185 (GCVE-0-2019-5185)

    Vulnerability from cvelistv5 – Published: 2020-03-23 13:22 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len("/etc/config-tools/config_interfaces interface=X1 state=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. A state value of length 0x3c9 will cause the service to crash.
    Severity
    No CVSS data available.
    CWE
    • stack buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Wago Affected: WAGO PFC200 Firmware version 03.02.02(14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.813Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wago",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "WAGO PFC200 Firmware version 03.02.02(14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=\u003ccontents of state node\u003e using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len(\"/etc/config-tools/config_interfaces interface=X1 state=\") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An state value of length 0x3c9 will cause the service to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stack buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T13:22:52.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2019-5185",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wago",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WAGO PFC200 Firmware version 03.02.02(14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=\u003ccontents of state node\u003e using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len(\"/etc/config-tools/config_interfaces interface=X1 state=\") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An state value of length 0x3c9 will cause the service to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stack buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2019-5185",
        "datePublished": "2020-03-23T13:22:52.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5184 (GCVE-0-2019-5184)

    Vulnerability from cvelistv5 – Published: 2020-03-23 13:22 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file.
    Severity
    No CVSS data available.
    CWE
    • double-free
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Wago Affected: WAGO PFC200 Firmware version 03.02.02(14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.819Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0965"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wago",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "WAGO PFC200 Firmware version 03.02.02(14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable double free vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "double-free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T13:22:45.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0965"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2019-5184",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wago",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WAGO PFC200 Firmware version 03.02.02(14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable double free vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "double-free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0965",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0965"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2019-5184",
        "datePublished": "2020-03-23T13:22:45.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5186 (GCVE-0-2019-5186)

    Vulnerability from cvelistv5 – Published: 2020-03-23 13:19 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=<contents of interface element> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len("/etc/config-tools/config_interfaces interface=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash.
    Severity
    No CVSS data available.
    CWE
    • stack buffer
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Wago Affected: WAGO PFC200 Firmware version 03.02.02(14)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.736Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wago",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "WAGO PFC200 Firmware version 03.02.02(14)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=\u003ccontents of interface element\u003e using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len(\"/etc/config-tools/config_interfaces interface=\") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stack buffer",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T13:19:22.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2019-5186",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wago",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WAGO PFC200 Firmware version 03.02.02(14)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=\u003ccontents of interface element\u003e using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len(\"/etc/config-tools/config_interfaces interface=\") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stack buffer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0966"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2019-5186",
        "datePublished": "2020-03-23T13:19:22.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.736Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }