Vulnerabilites related to WAGO - PFC200 G1 750-820x-xxx-xxx
CVE-2025-25264 (GCVE-0-2025-25264)
Vulnerability from cvelistv5
Published
2025-06-16 09:45
Modified
2025-10-07 07:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Summary
A low-privileged remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-25264", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-16T18:15:48.127204Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-16T18:15:58.245Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "3.10.11 (FW22 Patch 2)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 750-820x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "3.10.11 (FW22 Patch 2)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A low-privileged remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks." } ], "value": "A low-privileged remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-942", "description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-10-07T07:16:37.653Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://certvde.com/en/advisories/VDE-2025-018/" } ], "source": { "advisory": "VDE-2025-018", "defect": [ "CERT@VDE#641748" ], "discovery": "UNKNOWN" }, "title": "Overly Permissive CORS Policy in WAGO Device Manager", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2025-25264", "datePublished": "2025-06-16T09:45:31.613Z", "dateReserved": "2025-02-06T12:30:08.317Z", "dateUpdated": "2025-10-07T07:16:37.653Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-41968 (GCVE-0-2024-41968)
Vulnerability from cvelistv5
Published
2024-11-18 09:03
Modified
2025-08-27 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | WAGO | CC100 0751-9x01 |
Version: 0.0.0 ≤ 4.5.10 (FW27) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-41968", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-19T14:56:16.336634Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-27T21:33:03.869Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "3.10.10 (FW22 Patch 1)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 750-820x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "3.10.10 (FW22 Patch 1)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 0750-820x/xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "03.03.08 (80)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 0750-821x/xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "04.04.03 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CC100 0751/9x01", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "04.03.03 (72)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CC100 0751/9x01", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "04.04.03 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diego Giubertoni" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nozomi Networks" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.\u0026nbsp;\u003cbr\u003e" } ], "value": "A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-30T09:20:17.138Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://cert.vde.com/en/advisories/VDE-2024-047" } ], "source": { "advisory": "VDE-2024-047", "defect": [ "CERT@VDE#641658" ], "discovery": "UNKNOWN" }, "title": "WAGO: Docker Settings Manipulation in Multiple Devices", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2024-41968", "datePublished": "2024-11-18T09:03:20.948Z", "dateReserved": "2024-07-25T09:07:31.463Z", "dateUpdated": "2025-08-27T21:33:03.869Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-25265 (GCVE-0-2025-25265)
Vulnerability from cvelistv5
Published
2025-06-16 09:46
Modified
2025-07-04 07:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows an unauthenticated remote attacker to read files from the system’s file structure.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | WAGO | WAGO CC100 0751-9x01 |
Version: 0.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-25265", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-16T18:12:43.011626Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-16T18:13:49.552Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "WAGO CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "3.10.11 (FW22 Patch 2)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 750-820x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "3.10.11 (FW22 Patch 2)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows an unauthenticated remote attacker to read files from the system\u2019s file structure.\u003cbr\u003e" } ], "value": "A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows an unauthenticated remote attacker to read files from the system\u2019s file structure." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-04T07:48:05.259Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://certvde.com/en/advisories/VDE-2025-018/" } ], "source": { "advisory": "VDE-2025-018", "defect": [ "CERT@VDE#641748" ], "discovery": "UNKNOWN" }, "title": "Unauthenticated File Read via Web Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2025-25265", "datePublished": "2025-06-16T09:46:13.998Z", "dateReserved": "2025-02-06T12:30:08.318Z", "dateUpdated": "2025-07-04T07:48:05.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-41969 (GCVE-0-2024-41969)
Vulnerability from cvelistv5
Published
2024-11-18 09:04
Modified
2025-01-30 09:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | WAGO | CC100 0751-9x01 |
Version: 0.0.0 ≤ 4.5.10 (FW27) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-41969", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-09T22:09:24.613269Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-10T16:59:37.246Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "3.10.10 (FW22 Patch 1)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 750-820x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "3.10.10 (FW22 Patch 1)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 0750-820x/xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "03.03.08 (80)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 0750-821x/xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "04.04.03 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CC100 0751/9x01", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "04.03.03 (72)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CC100 0751/9x01", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "04.04.03 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diego Giubertoni" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nozomi Networks" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A low privileged remote attacker may\u0026nbsp;modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.\u0026nbsp;\u003cbr\u003e" } ], "value": "A low privileged remote attacker may\u00a0modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-30T09:21:40.910Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://cert.vde.com/en/advisories/VDE-2024-047" } ], "source": { "advisory": "VDE-2024-047", "defect": [ "CERT@VDE#641658" ], "discovery": "UNKNOWN" }, "title": "WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2024-41969", "datePublished": "2024-11-18T09:04:13.691Z", "dateReserved": "2024-07-25T09:07:31.464Z", "dateUpdated": "2025-01-30T09:21:40.910Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-41967 (GCVE-0-2024-41967)
Vulnerability from cvelistv5
Published
2024-11-18 09:03
Modified
2025-08-27 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | WAGO | CC100 0751-9x01 |
Version: 0.0.0 ≤ 4.5.10 (FW27) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-41967", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-18T15:22:03.669949Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-27T21:33:03.997Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "3.10.10 (FW22 Patch 1)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 750-820x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "3.10.10 (FW22 Patch 1)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 0750-820x/xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "03.03.08 (80)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 0750-821x/xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "04.04.03 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CC100 0751/9x01", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "04.03.03 (72)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CC100 0751/9x01", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "04.04.03 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diego Giubertoni" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nozomi Networks" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A low privileged remote attacker\u0026nbsp;may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.\u003cbr\u003e" } ], "value": "A low privileged remote attacker\u00a0may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-30T09:19:19.853Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://cert.vde.com/en/advisories/VDE-2024-047" } ], "source": { "advisory": "VDE-2024-047", "defect": [ "CERT@VDE#641658" ], "discovery": "UNKNOWN" }, "title": "WAGO: Boot Mode Manipulation in Multiple Devices", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2024-41967", "datePublished": "2024-11-18T09:03:57.513Z", "dateReserved": "2024-07-25T09:07:31.463Z", "dateUpdated": "2025-08-27T21:33:03.997Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0101 (GCVE-0-2025-0101)
Vulnerability from cvelistv5
Published
2025-04-16 07:29
Modified
2025-04-16 14:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
A low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes some functions to work unexpected or stop working at all. Both during runtime and after a restart.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | WAGO | CC100 0751-9x01 |
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0101", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T14:40:07.343717Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T14:40:37.827Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "3.10.11", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "03.10.11", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 750-820x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "3.10.11", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 750-820x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "03.10.11", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "WAGO CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "WAGO Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "WAGO Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Marcus Kramh\u00f6ller from Noris Automatio GmbH" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes some functions to work unexpected or stop working at all. Both during runtime and after a restart.\u003c/p\u003e" } ], "value": "A low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes some functions to work unexpected or stop working at all. Both during runtime and after a restart." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-16T07:29:06.441Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://cert.vde.com/en/advisories/VDE-2025-007" } ], "source": { "advisory": "VDE-2025-007", "defect": [ "CERT@VDE#641734" ], "discovery": "UNKNOWN" }, "title": "WAGO: Year 2038 problem", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2025-0101", "datePublished": "2025-04-16T07:29:06.441Z", "dateReserved": "2024-12-19T10:35:03.865Z", "dateUpdated": "2025-04-16T14:40:37.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-12650 (GCVE-0-2024-12650)
Vulnerability from cvelistv5
Published
2025-03-05 11:46
Modified
2025-03-05 14:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-252 - Unchecked Return Value
Summary
An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | WAGO | CC100 0751-9x01 |
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12650", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-05T14:11:34.419639Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-05T14:12:02.004Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "3.10.11", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 750-820x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "3.10.11", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G1 750-820x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [ { "lessThan": "04.07.01", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gabriele Quagliarella from Nozomi Networks" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAn attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications.\u003c/p\u003e" } ], "value": "An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-252", "description": "CWE-252 Unchecked Return Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-05T11:46:15.486Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://cert.vde.com/en/advisories/VDE-2025-004" } ], "source": { "advisory": "VDE-2025-004", "defect": [ "CERT@VDE#641731" ], "discovery": "UNKNOWN" }, "title": "Wago: Vulnerability in libwagosnmp", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2024-12650", "datePublished": "2025-03-05T11:46:15.486Z", "dateReserved": "2024-12-16T07:37:06.620Z", "dateUpdated": "2025-03-05T14:12:02.004Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }