Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-12550 (GCVE-0-2019-12550)
Vulnerability from cvelistv5 – Published: 2019-06-17 16:29 – Updated: 2024-08-04 23:24
VLAI?
EPSS
Summary
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wago.com/us/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-19T15:28:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wago.com/us/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wago.com/us/",
"refsource": "MISC",
"url": "https://www.wago.com/us/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2019-013",
"refsource": "MISC",
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12550",
"datePublished": "2019-06-17T16:29:08",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-12550\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-17T17:15:11.117\",\"lastModified\":\"2024-11-21T04:23:04.880\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.\"},{\"lang\":\"es\",\"value\":\"WAGO 852-303 anterior de FW06, 852-1305 anterior de FW06 y 852-1505 antes de que los dispositivos FW03 contengan usuarios codificados y contrase\u00f1as que se pueden usar para iniciar sesi\u00f3n a trav\u00e9s de SSH y TELNET\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:852-303_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.2.s0\",\"matchCriteriaId\":\"DBF70930-3257-4195-A1FF-0C744D8693F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:852-303:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7A4A86F-E211-4C4A-A955-193B54F116E4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:852-1305_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1.6.s0\",\"matchCriteriaId\":\"55B9B0F3-735F-46A4-B22C-EBF30C58DB18\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:852-1305:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"815000D6-8AED-4D8D-B861-D5CD9D0B0F33\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:852-1505_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1.5.s0\",\"matchCriteriaId\":\"428863B9-CC9C-456D-9188-5354F8AD5D68\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:852-1505:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE946336-8786-40F3-BC14-7D37F77F1A5F\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2019-013\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.wago.com/us/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2019-013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.wago.com/us/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
GSD-2019-12550
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-12550",
"description": "WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.",
"id": "GSD-2019-12550",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2019-12550"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-12550"
],
"details": "WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.",
"id": "GSD-2019-12550",
"modified": "2023-12-13T01:23:44.129035Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wago.com/us/",
"refsource": "MISC",
"url": "https://www.wago.com/us/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2019-013",
"refsource": "MISC",
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:852-303_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.2.2.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:852-303:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:852-1305_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.6.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:852-1305:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:852-1505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.5.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:852-1505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12550"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2019-013",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
},
{
"name": "https://www.wago.com/us/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.wago.com/us/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-06-19T17:11Z",
"publishedDate": "2019-06-17T17:15Z"
}
}
}
VAR-201906-0626
Vulnerability from variot - Updated: 2024-11-23 19:57WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET. WAGO 852-303 , 852-1305 , 852-1505 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGOIndustrialManagedSwitches852-303 and so on are all industrial management switches of WAGO, Germany. A security management vulnerability exists in versions prior to WAGOIndustrialManagedSwitches852-3031.2.2.S0, prior to 852-13051.1.6.S0, and prior to 852-15051.1.5.S0. Attackers can use the default password or hardcoded password, hardcoded certificate. Wait for the affected component to attack. Successful attacks can allow a remote attacker to gain unauthorized access to the vulnerable device. SEC Consult Vulnerability Lab Security Advisory < 20190612-0 > ======================================================================= title: Multiple vulnerabilities product: WAGO 852 Industrial Managed Switch Series vulnerable version: 852-303: <v1.2.2.S0 852-1305: <v1.1.6.S0 852-1505: <v1.1.5.S0 fixed version: 852-303: v1.2.2.S0 852-1305: v1.1.6.S0 852-1505: v1.1.5.S0 CVE number: CVE-2019-12550, CVE-2019-12549 impact: high homepage: https://www.wago.com found: 2019-03-08 by: T. Weber (Office Vienna) IoT Inspector SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Europe | Asia | North America
https://www.sec-consult.com
=======================================================================
Vendor description:
"New ideas are the driving force behind our success WAGO is a family-owned company headquartered in Minden, Germany. Independently operating for three generations, WAGO is the global leader of spring pressure electrical interconnect and automation solutions. For more than 60 years, WAGO has developed and produced innovative products for packaging, transportation, process, industrial and building automation markets amongst others. Aside from its innovations in spring pressure connection technology, WAGO has introduced numerous innovations that have revolutionized industry. Further ground-breaking inventions include: the WAGO-I/O-SYSTEM®, TOPJOB S® and WALL-NUTS®."
Source: http://www.wago.us/wago/
Business recommendation:
SEC Consult recommends to immediately apply the available patches from the vendor. A thorough security review should be performed by security professionals to identify further potential security issues. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector. Two vulnerabilities (CVE-2017-16544 and CVE-2015-0235) were verified by emulating the device with the MEDUSA scaleable firmware runtime. The validity of the password hashes and the embedded keys were also verified by emulating the device.
1) Known BusyBox Vulnerabilities The used BusyBox toolkit in version 1.12.0 is outdated and contains multiple known vulnerabilities. The outdated version was found by IoT Inspector. One of the discovered vulnerabilities (CVE-2017-16544) was verified by using the MEDUSA scaleable firmware runtime.
2) Known GNU glibc Vulnerabilities The used GNU glibc in version 2.8 is outdated and contains multiple known vulnerabilities. The outdated version was found by IoT Inspector. One of the discovered vulnerabilities (CVE-2015-0235, "GHOST") was verified by using the MEDUSA scaleable firmware runtime.
4) Embedded Private Keys (CVE-2019-12549) The device contains hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches to the embedded private key.
Proof of concept:
1) Known BusyBox Vulnerabilities BusyBox version 1.12.0 contains multiple CVEs like: CVE-2013-1813, CVE-2016-2148, CVE-2016-6301, CVE-2011-2716, CVE-2011-5325, CVE-2015-9261, CVE-2016-2147 and more.
The BusyBox shell autocompletion vulnerability (CVE-2017-16544) was verified on an emulated device. A file with the name "\ectest\n\e]55;test.txt\a" was created to trigger the vulnerability.
ls "pressing "
test ]55;test.txt
2) Known GNU glibc Vulnerabilities GNU glibc version 2.8 contains multiple CVEs like: CVE-2010-0296, CVE-2010-3856, CVE-2012-4412, CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-1472 and more.
The gethostbyname buffer overflow vulnerability (GHOST) was checked with the help of the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was compiled and executed on the emulated device to test the system.
3) Hardcoded Credentials (CVE-2019-12550) The following credentials were found in the 'passwd' file of the firmware: root No password is set for the account [EMPTY PASSWORD] admin
By using these credentials, it's possible to connect via Telnet and SSH on the emulated device. Example for Telnet:
[root@localhost ~]# telnet 192.168.0.133 Trying 192.168.0.133... Connected to 192.168.0.133. Escape character is '^]'.
L2SWITCH login: root Password: ~ #
Example for SSH:
[root@localhost ~]# ssh 192.168.0.133 root@192.168.0.133's password: ~ #
4) Embedded Private Keys (CVE-2019-12549) The following host key fingerprint is shown by accessing the SSH daemon on the emulated device:
[root@localhost ~]# ssh 192.168.0.133 The authenticity of host '192.168.0.133 (192.168.0.133)' can't be established. RSA key fingerprint is SHA256:X5Vr0/x0/j62N/aqZmHz96ojwl8x/I8mfzuT8o6uZso. RSA key fingerprint is MD5:2e:65:85:fc:45:04:bd:68:30:74:51:45:7d:2f:95:e2.
This matches the embedded private key (which has been removed from this advisory): SSH Fingerprint: 2e:65:85:fc:45:04:bd:68:30:74:51:45:7d:2f:95:e2
Vulnerable / tested versions:
According to the vendor, the following versions are affected: * 852-303: <v1.2.2.S0 * 852-1305: <v1.1.6.S0 * 852-1505: <v1.1.5.S0
Vendor contact timeline:
2019-03-12: Contacting VDE CERT through info@cert.vde.com, received confirmation 2019-03-26: Asking for a status update, VDE CERT is still waiting for details 2019-03-28: VDE CERT requests information from WAGO again 2019-04-09: Asking for a status update 2019-04-11: VDE CERT: patched firmware release planned for end of May, requested postponement of advisory release 2019-04-16: VDE CERT: update regarding affected firmware versions 2019-04-24: Confirming advisory release for beginning of June 2019-05-20: Asking for a status update 2019-05-22: VDE CERT: no news from WAGO yet, 5th June release date 2019-05-29: Asking for a status update 2019-05-29: VDE CERT: detailed answer from WAGO, patches will be published on 7th June, SEC Consult proposes new advisory release date for 12th June 2019-06-07: VDE CERT provides security advisory information from WAGO; WAGO releases security patches 2019-06-12: Coordinated release of security advisory
Solution:
The vendor provides patches to their customers at their download page. The following versions fix the issues: * 852-303: v1.2.2.S0 * 852-1305: v1.1.6.S0 * 852-1505: v1.1.5.S0
According to the vendor, busybox and glibc have been updated and the embedded private keys are being newly generated upon first boot and after a factory reset.
Workaround:
Restrict network access to the device & SSH server.
Advisory URL:
https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html
SEC Consult Vulnerability Lab
SEC Consult
Europe | Asia | North America
About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.
Interested to work with the experts of SEC Consult? Send us your application https://www.sec-consult.com/en/career/index.html
Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://www.sec-consult.com/en/contact/index.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult
EOF T. Weber / @2019
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0626",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "852-1505",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.5.s0"
},
{
"model": "852-1305",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.6.s0"
},
{
"model": "852-303",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "1.2.2.s0"
},
{
"model": "852-1305",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "852-1505",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "852-303",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "industrial managed switches \u003c1.2.2.s0",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "852-303"
},
{
"model": "industrial managed switches \u003c1.1.6.s0",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "852-1305"
},
{
"model": "industrial managed switches \u003c1.1.5.s0",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "852-1505"
},
{
"model": "industrial managed switches 1.2.1.s0",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "852-303"
},
{
"model": "industrial managed switches 1.1.4.s0",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "852-1505"
},
{
"model": "industrial managed switches 1.1.5.s0",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "852-1305"
},
{
"model": "industrial managed switches 1.2.2.s0",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "852-303"
},
{
"model": "industrial managed switches 1.1.5.s0",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "852-1505"
},
{
"model": "industrial managed switches 1.1.6.s0",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "852-1305"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25723"
},
{
"db": "BID",
"id": "108759"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005607"
},
{
"db": "NVD",
"id": "CVE-2019-12550"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:852-1305_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:852-1505_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:852-303_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005607"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "T. Weber of SEC Consult Vulnerability Lab reported these vulnerabilities to CERT@VDE.,T. Weber of SEC Consult Vulnerability Lab,T. Weber of SEC Consult Vulnerability Lab.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-586"
}
],
"trust": 0.6
},
"cve": "CVE-2019-12550",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-12550",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-25723",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-12550",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-12550",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-12550",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-25723",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-586",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-12550",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25723"
},
{
"db": "VULMON",
"id": "CVE-2019-12550"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005607"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-586"
},
{
"db": "NVD",
"id": "CVE-2019-12550"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET. WAGO 852-303 , 852-1305 , 852-1505 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGOIndustrialManagedSwitches852-303 and so on are all industrial management switches of WAGO, Germany. A security management vulnerability exists in versions prior to WAGOIndustrialManagedSwitches852-3031.2.2.S0, prior to 852-13051.1.6.S0, and prior to 852-15051.1.5.S0. Attackers can use the default password or hardcoded password, hardcoded certificate. Wait for the affected component to attack. \nSuccessful attacks can allow a remote attacker to gain unauthorized access to the vulnerable device. SEC Consult Vulnerability Lab Security Advisory \u003c 20190612-0 \u003e\n=======================================================================\n title: Multiple vulnerabilities\n product: WAGO 852 Industrial Managed Switch Series\n vulnerable version: 852-303: \u003cv1.2.2.S0\n 852-1305: \u003cv1.1.6.S0\n 852-1505: \u003cv1.1.5.S0\n fixed version: 852-303: v1.2.2.S0\n 852-1305: v1.1.6.S0\n 852-1505: v1.1.5.S0\n CVE number: CVE-2019-12550, CVE-2019-12549\n impact: high\n homepage: https://www.wago.com\n found: 2019-03-08\n by: T. Weber (Office Vienna)\n IoT Inspector\n SEC Consult Vulnerability Lab\n\n An integrated part of SEC Consult\n Europe | Asia | North America\n\n https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"New ideas are the driving force behind our success WAGO is a family-owned\ncompany headquartered in Minden, Germany. Independently operating for three\ngenerations, WAGO is the global leader of spring pressure electrical\ninterconnect and automation solutions. For more than 60 years, WAGO has\ndeveloped and produced innovative products for packaging, transportation,\nprocess, industrial and building automation markets amongst others. Aside from\nits innovations in spring pressure connection technology, WAGO has introduced\nnumerous innovations that have revolutionized industry. Further ground-breaking\ninventions include: the WAGO-I/O-SYSTEM\u00ae, TOPJOB S\u00ae and WALL-NUTS\u00ae.\"\n\nSource: http://www.wago.us/wago/\n\n\n\nBusiness recommendation:\n------------------------\nSEC Consult recommends to immediately apply the available patches\nfrom the vendor. A thorough security review should be performed by\nsecurity professionals to identify further potential security issues. \nFurthermore, hardcoded password hashes and credentials were also found by doing\nan automated scan with IoT Inspector. Two vulnerabilities (CVE-2017-16544 and\nCVE-2015-0235) were verified by emulating the device with the MEDUSA scaleable\nfirmware runtime. The validity of the password hashes and the embedded keys were\nalso verified by emulating the device. \n\n\n1) Known BusyBox Vulnerabilities\nThe used BusyBox toolkit in version 1.12.0 is outdated and contains multiple\nknown vulnerabilities. The outdated version was found by IoT Inspector. \nOne of the discovered vulnerabilities (CVE-2017-16544) was verified by using\nthe MEDUSA scaleable firmware runtime. \n\n2) Known GNU glibc Vulnerabilities\nThe used GNU glibc in version 2.8 is outdated and contains multiple known\nvulnerabilities. The outdated version was found by IoT Inspector. One of\nthe discovered vulnerabilities (CVE-2015-0235, \"GHOST\") was verified by\nusing the MEDUSA scaleable firmware runtime. \n\n4) Embedded Private Keys (CVE-2019-12549)\nThe device contains hardcoded private keys for the SSH daemon. The fingerprint\nof the SSH host key from the corresponding SSH daemon matches to the embedded\nprivate key. \n\n\nProof of concept:\n-----------------\n1) Known BusyBox Vulnerabilities\nBusyBox version 1.12.0 contains multiple CVEs like:\nCVE-2013-1813, CVE-2016-2148, CVE-2016-6301, CVE-2011-2716, CVE-2011-5325,\nCVE-2015-9261, CVE-2016-2147 and more. \n\nThe BusyBox shell autocompletion vulnerability (CVE-2017-16544) was verified on\nan emulated device. A file with the name \"\\ectest\\n\\e]55;test.txt\\a\" was created\nto trigger the vulnerability. \n\n-------------------------------------------------------------------------------\n# ls \"pressing \u003cTAB\u003e\"\ntest\n]55;test.txt\n#\n-------------------------------------------------------------------------------\n\n\n2) Known GNU glibc Vulnerabilities\nGNU glibc version 2.8 contains multiple CVEs like:\nCVE-2010-0296, CVE-2010-3856, CVE-2012-4412, CVE-2014-4043, CVE-2014-9402,\nCVE-2014-9761, CVE-2014-9984, CVE-2015-1472 and more. \n\nThe gethostbyname buffer overflow vulnerability (GHOST) was checked with the help\nof the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was compiled\nand executed on the emulated device to test the system. \n\n\n3) Hardcoded Credentials (CVE-2019-12550)\nThe following credentials were found in the \u0027passwd\u0027 file of the firmware:\n\u003cPassword Hash\u003e \u003cPlaintext\u003e \u003cUser\u003e\n\u003cremoved\u003e \u003cremoved\u003e root\nNo password is set for the account [EMPTY PASSWORD] admin\n\nBy using these credentials, it\u0027s possible to connect via Telnet and SSH on the\nemulated device. Example for Telnet:\n-------------------------------------------------------------------------------\n[root@localhost ~]# telnet 192.168.0.133\nTrying 192.168.0.133... \nConnected to 192.168.0.133. \nEscape character is \u0027^]\u0027. \n\nL2SWITCH login: root\nPassword:\n~ #\n-------------------------------------------------------------------------------\nExample for SSH:\n-------------------------------------------------------------------------------\n[root@localhost ~]# ssh 192.168.0.133\nroot@192.168.0.133\u0027s password:\n~ #\n-------------------------------------------------------------------------------\n\n\n4) Embedded Private Keys (CVE-2019-12549)\nThe following host key fingerprint is shown by accessing the SSH daemon on\nthe emulated device:\n\n[root@localhost ~]# ssh 192.168.0.133\nThe authenticity of host \u0027192.168.0.133 (192.168.0.133)\u0027 can\u0027t be established. \nRSA key fingerprint is SHA256:X5Vr0/x0/j62N/aqZmHz96ojwl8x/I8mfzuT8o6uZso. \nRSA key fingerprint is MD5:2e:65:85:fc:45:04:bd:68:30:74:51:45:7d:2f:95:e2. \n\nThis matches the embedded private key (which has been removed from this advisory):\nSSH Fingerprint: 2e:65:85:fc:45:04:bd:68:30:74:51:45:7d:2f:95:e2\n\n\nVulnerable / tested versions:\n-----------------------------\nAccording to the vendor, the following versions are affected:\n* 852-303: \u003cv1.2.2.S0\n* 852-1305: \u003cv1.1.6.S0\n* 852-1505: \u003cv1.1.5.S0\n\n\nVendor contact timeline:\n------------------------\n2019-03-12: Contacting VDE CERT through info@cert.vde.com, received confirmation\n2019-03-26: Asking for a status update, VDE CERT is still waiting for details\n2019-03-28: VDE CERT requests information from WAGO again\n2019-04-09: Asking for a status update\n2019-04-11: VDE CERT: patched firmware release planned for end of May, requested\n postponement of advisory release\n2019-04-16: VDE CERT: update regarding affected firmware versions\n2019-04-24: Confirming advisory release for beginning of June\n2019-05-20: Asking for a status update\n2019-05-22: VDE CERT: no news from WAGO yet, 5th June release date\n2019-05-29: Asking for a status update\n2019-05-29: VDE CERT: detailed answer from WAGO, patches will be published\n on 7th June, SEC Consult proposes new advisory release date for\n 12th June\n2019-06-07: VDE CERT provides security advisory information from WAGO;\n WAGO releases security patches\n2019-06-12: Coordinated release of security advisory\n\n\nSolution:\n---------\nThe vendor provides patches to their customers at their download page. The\nfollowing versions fix the issues:\n* 852-303: v1.2.2.S0\n* 852-1305: v1.1.6.S0\n* 852-1505: v1.1.5.S0\n\nAccording to the vendor, busybox and glibc have been updated and the embedded\nprivate keys are being newly generated upon first boot and after a factory reset. \n\n\n\nWorkaround:\n-----------\nRestrict network access to the device \u0026 SSH server. \n\n\nAdvisory URL:\n-------------\nhttps://www.sec-consult.com/en/vulnerability-lab/advisories/index.html\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSEC Consult Vulnerability Lab\n\nSEC Consult\nEurope | Asia | North America\n\nAbout SEC Consult Vulnerability Lab\nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It\nensures the continued knowledge gain of SEC Consult in the field of network\nand application security to stay ahead of the attacker. The SEC Consult\nVulnerability Lab supports high-quality penetration testing and the evaluation\nof new offensive and defensive technologies for our customers. Hence our\ncustomers obtain the most current information about vulnerabilities and valid\nrecommendation about the risk profile of new technologies. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nInterested to work with the experts of SEC Consult?\nSend us your application https://www.sec-consult.com/en/career/index.html\n\nInterested in improving your cyber security with the experts of SEC Consult?\nContact our local offices https://www.sec-consult.com/en/contact/index.html\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nEOF T. Weber / @2019\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12550"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005607"
},
{
"db": "CNVD",
"id": "CNVD-2019-25723"
},
{
"db": "BID",
"id": "108759"
},
{
"db": "VULMON",
"id": "CVE-2019-12550"
},
{
"db": "PACKETSTORM",
"id": "153278"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-12550",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-19-164-02",
"trust": 3.4
},
{
"db": "CERT@VDE",
"id": "VDE-2019-013",
"trust": 2.3
},
{
"db": "BID",
"id": "108759",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005607",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-25723",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2117",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-586",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-12550",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153278",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25723"
},
{
"db": "VULMON",
"id": "CVE-2019-12550"
},
{
"db": "BID",
"id": "108759"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005607"
},
{
"db": "PACKETSTORM",
"id": "153278"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-586"
},
{
"db": "NVD",
"id": "CVE-2019-12550"
}
]
},
"id": "VAR-201906-0626",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25723"
}
],
"trust": 1.475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25723"
}
]
},
"last_update_date": "2024-11-23T19:57:33.420000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGOIndustrialManagedSwitches852-303, 852-1305, and 852-1505 Trust Patches for Management Issue Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/172991"
},
{
"title": "WAGO Industrial Managed Switches 852-303 , 852-1305 and 852-1505 Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93807"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25723"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005607"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-586"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005607"
},
{
"db": "NVD",
"id": "CVE-2019-12550"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-164-02"
},
{
"trust": 2.3,
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
},
{
"trust": 1.7,
"url": "https://www.wago.com/us/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12550"
},
{
"trust": 0.9,
"url": "http://www.wago.com/"
},
{
"trust": 0.9,
"url": "https://www.wago.com/global/download/public/sa-sys-2019-002.pdf/sa-sys-2019-002.pdf"
},
{
"trust": 0.9,
"url": "https://www.wago.com/global/download/public/sa-sys-2019-003.pdf/sa-sys-2019-003.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12550"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/108759"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2117/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6301"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
},
{
"trust": 0.1,
"url": "http://www.wago.us/wago/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2716"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/career/index.html"
},
{
"trust": 0.1,
"url": "https://seclists.org/oss-sec/2015/q1/274."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4412"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9402"
},
{
"trust": 0.1,
"url": "https://www.wago.com"
},
{
"trust": 0.1,
"url": "https://twitter.com/sec_consult"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2147"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9761"
},
{
"trust": 0.1,
"url": "http://blog.sec-consult.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1813"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2148"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/contact/index.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25723"
},
{
"db": "VULMON",
"id": "CVE-2019-12550"
},
{
"db": "BID",
"id": "108759"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005607"
},
{
"db": "PACKETSTORM",
"id": "153278"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-586"
},
{
"db": "NVD",
"id": "CVE-2019-12550"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-25723"
},
{
"db": "VULMON",
"id": "CVE-2019-12550"
},
{
"db": "BID",
"id": "108759"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005607"
},
{
"db": "PACKETSTORM",
"id": "153278"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-586"
},
{
"db": "NVD",
"id": "CVE-2019-12550"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25723"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-12550"
},
{
"date": "2019-06-13T00:00:00",
"db": "BID",
"id": "108759"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005607"
},
{
"date": "2019-06-13T19:33:38",
"db": "PACKETSTORM",
"id": "153278"
},
{
"date": "2019-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-586"
},
{
"date": "2019-06-17T17:15:11.117000",
"db": "NVD",
"id": "CVE-2019-12550"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25723"
},
{
"date": "2019-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-12550"
},
{
"date": "2019-06-13T00:00:00",
"db": "BID",
"id": "108759"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005607"
},
{
"date": "2019-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-586"
},
{
"date": "2024-11-21T04:23:04.880000",
"db": "NVD",
"id": "CVE-2019-12550"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-586"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural WAGO Vulnerabilities related to the use of hard-coded credentials on product devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005607"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-586"
}
],
"trust": 0.6
}
}
GHSA-H63Q-5H2Q-WX97
Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2024-04-04 00:58
VLAI?
Details
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2019-12550"
],
"database_specific": {
"cwe_ids": [
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-17T17:15:00Z",
"severity": "CRITICAL"
},
"details": "WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.",
"id": "GHSA-h63q-5h2q-wx97",
"modified": "2024-04-04T00:58:30Z",
"published": "2022-05-24T16:48:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12550"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02"
},
{
"type": "WEB",
"url": "https://www.wago.com/us"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2019-12550
Vulnerability from fkie_nvd - Published: 2019-06-17 17:15 - Updated: 2024-11-21 04:23
Severity ?
Summary
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/en-us/advisories/vde-2019-013 | Third Party Advisory | |
| cve@mitre.org | https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02 | Third Party Advisory | |
| cve@mitre.org | https://www.wago.com/us/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en-us/advisories/vde-2019-013 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.wago.com/us/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wago | 852-303_firmware | * | |
| wago | 852-303 | - | |
| wago | 852-1305_firmware | * | |
| wago | 852-1305 | - | |
| wago | 852-1505_firmware | * | |
| wago | 852-1505 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:852-303_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF70930-3257-4195-A1FF-0C744D8693F7",
"versionEndExcluding": "1.2.2.s0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:852-303:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A4A86F-E211-4C4A-A955-193B54F116E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:852-1305_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55B9B0F3-735F-46A4-B22C-EBF30C58DB18",
"versionEndExcluding": "1.1.6.s0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:852-1305:-:*:*:*:*:*:*:*",
"matchCriteriaId": "815000D6-8AED-4D8D-B861-D5CD9D0B0F33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:852-1505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "428863B9-CC9C-456D-9188-5354F8AD5D68",
"versionEndExcluding": "1.1.5.s0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:852-1505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE946336-8786-40F3-BC14-7D37F77F1A5F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET."
},
{
"lang": "es",
"value": "WAGO 852-303 anterior de FW06, 852-1305 anterior de FW06 y 852-1505 antes de que los dispositivos FW03 contengan usuarios codificados y contrase\u00f1as que se pueden usar para iniciar sesi\u00f3n a trav\u00e9s de SSH y TELNET"
}
],
"id": "CVE-2019-12550",
"lastModified": "2024-11-21T04:23:04.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-17T17:15:11.117",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.wago.com/us/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.wago.com/us/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2019-25723
Vulnerability from cnvd - Published: 2019-08-03
VLAI Severity ?
Title
WAGO Industrial Managed Switches 852-303、852-1305和852-1505信任管理问题漏洞
Description
WAGO Industrial Managed Switches 852-303等都是德国WAGO公司的一款工业管理型交换机。
WAGO Industrial Managed Switches 852-303 1.2.2.S0之前版本、852-1305 1.1.6.S0之前版本和852-1505 1.1.5.S0之前版本中存在信任管理问题漏洞,攻击者可利用默认密码或者硬编码密码、硬编码证书等攻击受影响组件。
Severity
高
Patch Name
WAGO Industrial Managed Switches 852-303、852-1305和852-1505信任管理问题漏洞的补丁
Patch Description
WAGO Industrial Managed Switches 852-303等都是德国WAGO公司的一款工业管理型交换机。
WAGO Industrial Managed Switches 852-303 1.2.2.S0之前版本、852-1305 1.1.6.S0之前版本和852-1505 1.1.5.S0之前版本中存在信任管理问题漏洞,攻击者可利用默认密码或者硬编码密码、硬编码证书等攻击受影响组件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.wago.com/global/download/public/SA-SYS-2019-002.pdf/SA-SYS-2019-002.pdf
Reference
https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02
https://cert.vde.com/en-us/advisories/vde-2019-013
Impacted products
| Name | ['WAGO Industrial Managed Switches 852-303 <1.2.2.S0', 'WAGO Industrial Managed Switches 852-1305 <1.1.6.S0', 'WAGO Industrial Managed Switches 852-1505 <1.1.5.S0'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-12550",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12550"
}
},
"description": "WAGO Industrial Managed Switches 852-303\u7b49\u90fd\u662f\u5fb7\u56fdWAGO\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u7ba1\u7406\u578b\u4ea4\u6362\u673a\u3002\n\nWAGO Industrial Managed Switches 852-303 1.2.2.S0\u4e4b\u524d\u7248\u672c\u3001852-1305 1.1.6.S0\u4e4b\u524d\u7248\u672c\u548c852-1505 1.1.5.S0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u9ed8\u8ba4\u5bc6\u7801\u6216\u8005\u786c\u7f16\u7801\u5bc6\u7801\u3001\u786c\u7f16\u7801\u8bc1\u4e66\u7b49\u653b\u51fb\u53d7\u5f71\u54cd\u7ec4\u4ef6\u3002",
"discovererName": "T. Weber / SEC Consult Vulnerability Lab",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.wago.com/global/download/public/SA-SYS-2019-002.pdf/SA-SYS-2019-002.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-25723",
"openTime": "2019-08-03",
"patchDescription": "WAGO Industrial Managed Switches 852-303\u7b49\u90fd\u662f\u5fb7\u56fdWAGO\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u7ba1\u7406\u578b\u4ea4\u6362\u673a\u3002\r\n\r\nWAGO Industrial Managed Switches 852-303 1.2.2.S0\u4e4b\u524d\u7248\u672c\u3001852-1305 1.1.6.S0\u4e4b\u524d\u7248\u672c\u548c852-1505 1.1.5.S0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u9ed8\u8ba4\u5bc6\u7801\u6216\u8005\u786c\u7f16\u7801\u5bc6\u7801\u3001\u786c\u7f16\u7801\u8bc1\u4e66\u7b49\u653b\u51fb\u53d7\u5f71\u54cd\u7ec4\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "WAGO Industrial Managed Switches 852-303\u3001852-1305\u548c852-1505\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"WAGO Industrial Managed Switches 852-303 \u003c1.2.2.S0",
"WAGO Industrial Managed Switches 852-1305 \u003c1.1.6.S0",
"WAGO Industrial Managed Switches 852-1505 \u003c1.1.5.S0"
]
},
"referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02\r\nhttps://cert.vde.com/en-us/advisories/vde-2019-013",
"serverity": "\u9ad8",
"submitTime": "2019-06-13",
"title": "WAGO Industrial Managed Switches 852-303\u3001852-1305\u548c852-1505\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e"
}
ICSA-19-164-02
Vulnerability from csaf_cisa - Published: 2019-06-13 00:00 - Updated: 2019-06-13 00:00Summary
WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow a compromise of the managed switch, resulting in disruption of communication, and root access to the operating system.
Critical infrastructure sectors
Commercial Facilities
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"names": [
"T. Weber"
],
"organization": "SEC Consult Vulnerability Lab",
"summary": "reporting these vulnerabilities to CERT@VDE"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow a compromise of the managed switch, resulting in disruption of communication, and root access to the operating system.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Commercial Facilities",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-164-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-164-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-164-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-164-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-164-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505",
"tracking": {
"current_release_date": "2019-06-13T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-164-02",
"initial_release_date": "2019-06-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-06-13T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-164-02 WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 1.1.6.S0",
"product": {
"name": "Industrial Managed Switch 852-1305: All versions prior to v1.1.6.S0",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Industrial Managed Switch 852-1305"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 1.1.5.S0",
"product": {
"name": "Industrial Managed Switch 852-1505: All versions prior to v1.1.5.S0",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Industrial Managed Switch 852-1505"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 1.2.2.S0",
"product": {
"name": "Industrial Managed Switch 852-303: All versions prior to v1.2.2.S0",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Industrial Managed Switch 852-303"
}
],
"category": "vendor",
"name": "WAGO"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12550",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "An attacker with access to the hard-coded credentials may gain access to the operating system of the managed switch with root privileges, which may allow manipulation of the operating system of the managed switch.CVE-2019-12550 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12550"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "WAGO recommends users update their managed switch to the latest firmware published June 7, 2019, or later. New firmware can be requested in the Runtime Software dropdown within the Downloads section at the links below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "852-303: v1.2.2.S0 or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://www.wago.com/us/switches/industrial-managed-switch/p/852-303"
},
{
"category": "mitigation",
"details": "852-1305: v1.1.6.S0 or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://www.wago.com/us/switches/industrial-managed-switch/p/852-1305"
},
{
"category": "mitigation",
"details": "852-1505: v1.1.5.S0 or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://www.wago.com/us/switches/industrial-managed-switch/p/852-1505"
},
{
"category": "mitigation",
"details": "Restrict network access to the switch",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Restrict network access to the SSH server.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Do not directly connect the device to the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "For more information CERT@VDE has released a security notification which can be viewed at the following link:https://cert.vde.com/en-us/advisories/vde-2019-013",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2019-12549",
"cwe": {
"id": "CWE-321",
"name": "Use of Hard-coded Cryptographic Key"
},
"notes": [
{
"category": "summary",
"text": "An attacker with access to the hard-coded SSH key may disrupt communication or compromise the managed switch. The SSH-keys cannot be regenerated by users and all switches use the same key. CVE-2019-12549 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).. 3.2.3 USING COMPONENTS WITH KNOWN VULNERABILITIES 3.2.3 USING COMPONENTS WITH KNOWN VULNERABILITIES. The listed managed switches use outdated third-party components with known vulnerabilities. See the full list of CVE identifiers in CERT@VDE advisory number VDE-2019-013.CVE-2019-12549 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12549"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "WAGO recommends users update their managed switch to the latest firmware published June 7, 2019, or later. New firmware can be requested in the Runtime Software dropdown within the Downloads section at the links below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "852-303: v1.2.2.S0 or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://www.wago.com/us/switches/industrial-managed-switch/p/852-303"
},
{
"category": "mitigation",
"details": "852-1305: v1.1.6.S0 or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://www.wago.com/us/switches/industrial-managed-switch/p/852-1305"
},
{
"category": "mitigation",
"details": "852-1505: v1.1.5.S0 or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://www.wago.com/us/switches/industrial-managed-switch/p/852-1505"
},
{
"category": "mitigation",
"details": "Restrict network access to the switch",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Restrict network access to the SSH server.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Do not directly connect the device to the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "For more information CERT@VDE has released a security notification which can be viewed at the following link:https://cert.vde.com/en-us/advisories/vde-2019-013",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…