cnvd - cnvd-2018-03481

cnvd-2018-03481

Vulnerability from cnvd

Title: WAGO PFC200系列不正确身份验证漏洞

Description:

WAGO PFC200是德国WAGO公司的总线可编辑逻辑控制器模块。

WAGO PFC200系列3S CoDeSys Runtime 2.3.X和2.4.X版本存在不正确身份验证漏洞，该漏洞源CoDeSys Runtime应用程序在端口2455上可通过网络默认使用。攻击者可利用漏洞通过将特制的TCP数据包发送到端口2455来执行一些未经身份验证的命令。

Severity: 高

Patch Name: WAGO PFC200系列不正确身份验证漏洞的补丁

Patch Description:

WAGO PFC200是德国WAGO公司的总线可编辑逻辑控制器模块。

WAGO PFC200系列3S CoDeSys Runtime 2.3.X和2.4.X版本存在不正确身份验证漏洞，该漏洞源CoDeSys Runtime应用程序在端口2455上可通过网络默认使用。攻击者可利用漏洞通过将特制的TCP数据包发送到端口2455来执行一些未经身份验证的命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可联系供应商获得补丁信息： http://global.wago.com/media/2_products/security/Sec-Advisory_CoDeSys.pdf (link is external)

Reference: https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01

Impacted products

Name
['WAGO PFC200 Series 3S CoDeSys Runtime 2.3.X', 'WAGO PFC200 Series 3S CoDeSys Runtime 2.4.X']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-5459"
    }
  },
  "description": "WAGO PFC200\u662f\u5fb7\u56fdWAGO\u516c\u53f8\u7684\u603b\u7ebf\u53ef\u7f16\u8f91\u903b\u8f91\u63a7\u5236\u5668\u6a21\u5757\u3002 \r\n\r\nWAGO PFC200\u7cfb\u52173S CoDeSys Runtime 2.3.X\u548c2.4.X\u7248\u672c\u5b58\u5728\u4e0d\u6b63\u786e\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90CoDeSys Runtime\u5e94\u7528\u7a0b\u5e8f\u5728\u7aef\u53e32455\u4e0a\u53ef\u901a\u8fc7\u7f51\u7edc\u9ed8\u8ba4\u4f7f\u7528\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u5c06\u7279\u5236\u7684TCP\u6570\u636e\u5305\u53d1\u9001\u5230\u7aef\u53e32455\u6765\u6267\u884c\u4e00\u4e9b\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u547d\u4ee4\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://global.wago.com/media/2_products/security/Sec-Advisory_CoDeSys.pdf (link is external)",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-03481",
  "openTime": "2018-02-26",
  "patchDescription": "WAGO PFC200\u662f\u5fb7\u56fdWAGO\u516c\u53f8\u7684\u603b\u7ebf\u53ef\u7f16\u8f91\u903b\u8f91\u63a7\u5236\u5668\u6a21\u5757\u3002 \r\n\r\nWAGO PFC200\u7cfb\u52173S CoDeSys Runtime 2.3.X\u548c2.4.X\u7248\u672c\u5b58\u5728\u4e0d\u6b63\u786e\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90CoDeSys Runtime\u5e94\u7528\u7a0b\u5e8f\u5728\u7aef\u53e32455\u4e0a\u53ef\u901a\u8fc7\u7f51\u7edc\u9ed8\u8ba4\u4f7f\u7528\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u5c06\u7279\u5236\u7684TCP\u6570\u636e\u5305\u53d1\u9001\u5230\u7aef\u53e32455\u6765\u6267\u884c\u4e00\u4e9b\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WAGO PFC200\u7cfb\u5217\u4e0d\u6b63\u786e\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "WAGO PFC200 Series 3S CoDeSys Runtime  2.3.X",
      "WAGO PFC200 Series 3S CoDeSys Runtime  2.4.X"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01",
  "serverity": "\u9ad8",
  "submitTime": "2018-02-26",
  "title": "WAGO PFC200\u7cfb\u5217\u4e0d\u6b63\u786e\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e"
}

CVE-2018-5459 (GCVE-0-2018-5459)

Vulnerability from cvelistv5

Published

2018-02-13 21:00

Modified

2024-08-05 05:33

Severity ?

CWE

CWE-287

Summary

An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455.

References

▼	URL	Tags
	https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	WAGO PFC200 Series	Version: WAGO PFC200 Series

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WAGO PFC200 Series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "WAGO PFC200 Series"
            }
          ]
        }
      ],
      "datePublic": "2018-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-13T20:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-5459",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WAGO PFC200 Series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "WAGO PFC200 Series"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-5459",
    "datePublished": "2018-02-13T21:00:00",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-08-05T05:33:44.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted