CVE-2018-5459

EPSS 0.91%
Veröffentlicht 13.02.2018 21:29:00
Zuletzt bearbeitet 21.11.2024 04:08:50
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wago ≫ Pfc200 Firmware Version < 02.07.07\(10\)

   Wago ≫ 750-8202 Version-
   Wago ≫ 750-8202/025-000 Version-
   Wago ≫ 750-8202/025-001 Version-
   Wago ≫ 750-8202/025-002 Version-
   Wago ≫ 750-8202/040-001 Version-
   Wago ≫ 750-8203 Version-
   Wago ≫ 750-8203/025-000 Version-
   Wago ≫ 750-8204 Version-
   Wago ≫ 750-8204/025-000 Version-
   Wago ≫ 750-8206 Version-
   Wago ≫ 750-8206/025-000 Version-
   Wago ≫ 750-8206/025-001 Version-
   Wago ≫ 750-8207 Version-
   Wago ≫ 750-8207/025-000 Version-
   Wago ≫ 750-8207/025-001 Version-
   Wago ≫ 750-8208 Version-
   Wago ≫ 750-8208/025-000 Version-
   Wago ≫ Pfc200 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.91%	0.751

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2018-5459

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5459

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5459

EUVD