{"containers": {"cna": {"affected": [{"product": "WAGO PFC200 Series", "vendor": "n/a", "versions": [{"status": "affected", "version": "WAGO PFC200 Series"}]}], "datePublic": "2018-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-02-13T20:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2018-5459", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WAGO PFC200 Series", "version": {"version_data": [{"version_value": "WAGO PFC200 Series"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-5459", "datePublished": "2018-02-13T21:00:00", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2018-02-13T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "047F293C-809E-4931-A018-54BCEBD4BD10", "versionEndExcluding": "02.07.07\\(10\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*", "matchCriteriaId": "23B02096-81A5-4823-94F3-D87F389397DE", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8202\\/025-000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FC647C3-A602-412F-A4DA-5ED092E2779C", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8202\\/025-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5B99800-C5E6-4001-BCBA-2DB5E3CF7D8D", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8202\\/025-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "DEF4C2B9-4C44-4F83-B0D5-220A1525D254", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8202\\/040-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4E35ACF-6C0A-4C9F-83A8-6CBAF927BE43", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC428EC8-532A-4825-BCE3-C42A4BC01C68", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8203\\/025-000:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2E35209-C3F2-4251-9CB5-094FA9B0D076", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AF14BE1-1EB5-423B-9FE7-E401AEF92553", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8204\\/025-000:-:*:*:*:*:*:*:*", "matchCriteriaId": "40B3E682-F1FD-4ADD-B1B8-89D7BA93B3FD", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E17ECC4-D7AE-485C-A2EF-4148817F9DB8", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8206\\/025-000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6196935C-97E0-40A2-AF06-03CB72E40B0E", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8206\\/025-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E2892D5-A691-48A9-ACC9-236A50E6A40E", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA98A0D9-B050-430B-96C5-15932438FD3A", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8207\\/025-000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F56DA20-D82B-48C7-B4AD-8534367E8D83", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8207\\/025-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C5C4BAD-7268-4367-A112-60E1A2EF6AF3", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8208:-:*:*:*:*:*:*:*", "matchCriteriaId": "C86098FC-E63E-4676-8BA1-ADCA30795558", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:750-8208\\/025-000:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FFE4FF4-4EE4-493F-A8CF-968215142EF4", "vulnerable": false}, {"criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*", "matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455."}, {"lang": "es", "value": "Se ha descubierto un problema de autenticaci\u00f3n indebida en WAGO PFC200 Series 3S CoDeSys Runtime, versiones 2.3.X y 2.4.X. Un atacante puede ejecutar diferentes operaciones remotas sin autenticaci\u00f3n gracias a la aplicaci\u00f3n CoDeSys Runtime, que est\u00e1 disponible en red por defecto en el puerto 2455. Un atacante podr\u00eda ejecutar algunos comandos sin autenticaci\u00f3n, como la lectura, escritura o eliminaci\u00f3n de archivos arbitrarios, as\u00ed como manipular la aplicaci\u00f3n PLC durante el tiempo de ejecuci\u00f3n mediante el env\u00edo de paquetes TCP especialmente manipulados al puerto 2455."}], "id": "CVE-2018-5459", "lastModified": "2019-10-09T23:41:24.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-13T21:29:00.207", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}