Vulnerability-Lookup

VDE-2025-004

Vulnerability from csaf_wagogmbhcokg - Published: 2025-03-05 11:00 - Updated: 2025-04-10 13:00

Summary

Wago: Vulnerability in libwagosnmp

Notes

Summary: Nozomi Networks reported a vulnerability in the pfc firmware sdk-G2 of libwagosnmp. The WAGO pfc-firmware-sdk-G2 is a software development kit designed for WAGO PFC devices which allows developers to build and customize the firmware.

Impact: If the requested memory size could not be allocated by the underlying operating system, the application uses an invalid memory area. This could lead to a crash of the application.

Remediation: Update to Firmware 4.7.1 (FW29), Firmware 03.10.11. For the latest Custom Firmware, please contact the WAGO support.

CVE-2024-12650

An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-252 - Unchecked Return Value

Vendor Fix Update to Firmware 4.7.1 (FW29), Firmware 03.10.11. For the latest Custom Firmware, please contact the WAGO support.

References

URL

Category

	https://www.wago.com/de-en/automation-technology/psirt	self
	https://certvde.com/de/advisories/vendor/wago/	external
	https://certvde.com/en/advisories/VDE-2025-004	self
	https://wago.csaf-tp.certvde.com/.well-known/csaf…	self

Acknowledgments

CERT@VDE certvde.com

Nozomi Networks Gabriele Quagliarella de.nozominetworks.com/

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Gabriele Quagliarella"
        ],
        "organization": "Nozomi Networks",
        "summary": "reporting",
        "urls": [
          "https://de.nozominetworks.com/"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "Nozomi Networks reported a vulnerability in the pfc firmware sdk-G2 of libwagosnmp. The WAGO pfc-firmware-sdk-G2 is a software development kit designed for WAGO PFC devices which allows developers to build and customize the firmware.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "If the requested memory size could not be allocated by the underlying operating system, the application uses an invalid memory area. This could lead to a crash of the application.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Update to Firmware 4.7.1 (FW29), Firmware 03.10.11. For the latest Custom Firmware, please contact the WAGO support.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "self",
        "summary": "WAGO PSIRT",
        "url": "https://www.wago.com/de-en/automation-technology/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO",
        "url": "https://certvde.com/de/advisories/vendor/wago/"
      },
      {
        "category": "self",
        "summary": "VDE-2025-004: Wago: Vulnerability in libwagosnmp - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2025-004"
      },
      {
        "category": "self",
        "summary": "VDE-2025-004: Wago: Vulnerability in libwagosnmp - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-004.json"
      }
    ],
    "title": "Wago: Vulnerability in libwagosnmp",
    "tracking": {
      "aliases": [
        "VDE-2025-004"
      ],
      "current_release_date": "2025-04-10T13:00:00.000Z",
      "generator": {
        "date": "2025-02-27T10:59:31.807Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.18"
        }
      },
      "id": "VDE-2025-004",
      "initial_release_date": "2025-03-05T11:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-03-05T11:00:00.000Z",
          "number": "1",
          "summary": "Initial release."
        },
        {
          "date": "2025-04-10T13:00:00.000Z",
          "number": "2",
          "summary": "Fixed csaf reference URL"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0751-9x01",
                    "product": {
                      "name": "CC100 0751-9x01",
                      "product_id": "CSAFPID-11001",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0751-9?01"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "CC100"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0750-810x/xxxx-xxxx",
                    "product": {
                      "name": "PFC100 G1 0750-810x/xxxx-xxxx",
                      "product_id": "CSAFPID-11002",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0750-810?/????-????"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "PFC100 G1"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0750-811x-xxxx-xxxx",
                    "product": {
                      "name": "PFC100 G2 0750-811x-xxxx-xxxx",
                      "product_id": "CSAFPID-11003",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0750-811?-????-????"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "PFC100 G2"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "750-820x-xxx-xxx",
                    "product": {
                      "name": "PFC200 G1 750-820x-xxx-xxx",
                      "product_id": "CSAFPID-11004",
                      "product_identification_helper": {
                        "model_numbers": [
                          " 750-820?-????-????"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "PFC200 G1"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "750-821x-xxx-xxx",
                    "product": {
                      "name": "PFC200 G2 750-821x-xxx-xxx",
                      "product_id": "CSAFPID-11005",
                      "product_identification_helper": {
                        "model_numbers": [
                          "750-821?-????-????"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "PFC200 G2"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0762-420x/8000-000x",
                    "product": {
                      "name": "TP600 0762-420x/8000-000x",
                      "product_id": "CSAFPID-11006",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0762-420?/8000-000?"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0762-430x/8000-000x",
                    "product": {
                      "name": "TP600 0762-430x/8000-000x",
                      "product_id": "CSAFPID-11007",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0762-430?/8000-000?"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0762-520x/8000-000x",
                    "product": {
                      "name": "TP600 0762-520x/8000-000x",
                      "product_id": "CSAFPID-11008",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0762-520?/8000-000?"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0762-530x/8000-000x",
                    "product": {
                      "name": "TP600 0762-530x/8000-000x",
                      "product_id": "CSAFPID-11009",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0762-530?/8000-000?"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0762-620x/8000-000x",
                    "product": {
                      "name": "TP600 0762-620x/8000-000x",
                      "product_id": "CSAFPID-11010",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0762-620?/8000-000?"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0762-630x/8000-000x",
                    "product": {
                      "name": "TP600 0762-630x/8000-000x",
                      "product_id": "CSAFPID-11011",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0762-630?/8000-000?"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "TP600"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0752-8303/8000-0002",
                    "product": {
                      "name": "Edge Controller 0752-8303/8000-0002",
                      "product_id": "CSAFPID-11012",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0752-8303/8000-0002"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "Edge Controller"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c04.07.01",
                "product": {
                  "name": "WAGO Firmware \u003c04.07.01 (FW29)",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_name",
                "name": "04.07.01",
                "product": {
                  "name": "WAGO Firmware 04.07.01 (FW29)",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c03.10.11",
                "product": {
                  "name": "WAGO Firmware \u003c3.10.11 (FW22 Patch 2)",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version",
                "name": "03.10.11",
                "product": {
                  "name": "WAGO Firmware 03.10.11",
                  "product_id": "CSAFPID-22002"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c04.07.01 (70)",
                "product": {
                  "name": "Custom Firmware \u003c04.07.01 (70)",
                  "product_id": "CSAFPID-21003"
                }
              },
              {
                "category": "product_version",
                "name": "04.07.01 (70)",
                "product": {
                  "name": "Custom Firmware 04.07.01 (70)",
                  "product_id": "CSAFPID-22003"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c03.10.11 (70)",
                "product": {
                  "name": "Custom Firmware \u003c03.10.11 (70)",
                  "product_id": "CSAFPID-21004"
                }
              },
              {
                "category": "product_version",
                "name": "03.10.11 (70)",
                "product": {
                  "name": "Custom Firmware 03.10.11 (70)",
                  "product_id": "CSAFPID-22004"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c04.07.01 (FW29) installed on CC100 0751-9x01",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c3.10.11 (FW22 Patch 2) installed on PFC100 G1 0750-810x/xxxx-xxxx",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c04.07.01 (FW29) installed on PFC100 G2 0750-811x-xxxx-xxxx",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c3.10.11 (FW22 Patch 2) installed on PFC200 G1 750-820x-xxx-xxx",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c04.07.01 (FW29) installed on PFC200 G2 750-821x-xxx-xxx",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c04.07.01 (FW29) installed on TP600 0762-420x/8000-000x",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c04.07.01 (FW29) installed on TP600 0762-430x/8000-000x",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c04.07.01 (FW29) installed on TP600 0762-520x/8000-000x",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c04.07.01 (FW29) installed on TP600 0762-530x/8000-000x",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c04.07.01 (FW29) installed on TP600 0762-620x/8000-000x",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c04.07.01 (FW29) installed on TP600 0762-630x/8000-000x",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware \u003c04.07.01 (FW29) installed on Edge Controller 0752-8303/8000-0002",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 04.07.01 (FW29) installed on CC100 0751-9x01",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 03.10.11 installed on PFC100 G1 0750-810x/xxxx-xxxx",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 04.07.01 (FW29) installed on PFC100 G2 0750-811x-xxxx-xxxx",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 03.10.11 installed on PFC200 G1 750-820x-xxx-xxx",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 04.07.01 (FW29) installed on PFC200 G2 750-821x-xxx-xxx",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 04.07.01 (FW29) installed on TP600 0762-420x/8000-000x",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 04.07.01 (FW29) installed on TP600 0762-430x/8000-000x",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 04.07.01 (FW29) installed on TP600 0762-520x/8000-000x",
          "product_id": "CSAFPID-32008"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 04.07.01 (FW29) installed on TP600 0762-530x/8000-000x",
          "product_id": "CSAFPID-32009"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 04.07.01 (FW29) installed on TP600 0762-620x/8000-000x",
          "product_id": "CSAFPID-32010"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 04.07.01 (FW29) installed on TP600 0762-630x/8000-000x",
          "product_id": "CSAFPID-32011"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "WAGO Firmware 04.07.01 (FW29) installed on Edge Controller 0752-8303/8000-0002",
          "product_id": "CSAFPID-32012"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.07.01 (70) installed on CC100 0751-9x01",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c03.10.11 (70) installed on PFC100 G1 0750-810x/xxxx-xxxx",
          "product_id": "CSAFPID-31014"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.07.01 (70) installed on PFC100 G2 0750-811x-xxxx-xxxx",
          "product_id": "CSAFPID-31015"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c03.10.11 (70) installed on PFC200 G1 750-820x-xxx-xxx",
          "product_id": "CSAFPID-31016"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.07.01 (70) installed on PFC200 G2 750-821x-xxx-xxx",
          "product_id": "CSAFPID-31017"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.07.01 (70) installed on TP600 0762-420x/8000-000x",
          "product_id": "CSAFPID-31018"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.07.01 (70) installed on TP600 0762-430x/8000-000x",
          "product_id": "CSAFPID-31019"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.07.01 (70) installed on TP600 0762-520x/8000-000x",
          "product_id": "CSAFPID-31020"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.07.01 (70) installed on TP600 0762-530x/8000-000x",
          "product_id": "CSAFPID-31021"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.07.01 (70) installed on TP600 0762-620x/8000-000x",
          "product_id": "CSAFPID-31022"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.07.01 (70) installed on TP600 0762-630x/8000-000x",
          "product_id": "CSAFPID-31023"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware \u003c04.07.01 (70) installed on Edge Controller 0752-8303/8000-0002",
          "product_id": "CSAFPID-31024"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.07.01 (70) installed on CC100 0751-9x01",
          "product_id": "CSAFPID-32013"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 03.10.11 (70) installed on PFC100 G1 0750-810x/xxxx-xxxx",
          "product_id": "CSAFPID-32014"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.07.01 (70) installed on PFC100 G2 0750-811x-xxxx-xxxx",
          "product_id": "CSAFPID-32015"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 03.10.11 (70) installed on PFC200 G1 750-820x-xxx-xxx",
          "product_id": "CSAFPID-32016"
        },
        "product_reference": "CSAFPID-22004",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.07.01 (70) installed on PFC200 G2 750-821x-xxx-xxx",
          "product_id": "CSAFPID-32017"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.07.01 (70) installed on TP600 0762-420x/8000-000x",
          "product_id": "CSAFPID-32018"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.07.01 (70) installed on TP600 0762-430x/8000-000x",
          "product_id": "CSAFPID-32019"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.07.01 (70) installed on TP600 0762-520x/8000-000x",
          "product_id": "CSAFPID-32020"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.07.01 (70) installed on TP600 0762-530x/8000-000x",
          "product_id": "CSAFPID-32021"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.07.01 (70) installed on TP600 0762-620x/8000-000x",
          "product_id": "CSAFPID-32022"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.07.01 (70) installed on TP600 0762-630x/8000-000x",
          "product_id": "CSAFPID-32023"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Custom Firmware 04.07.01 (70) installed on Edge Controller 0752-8303/8000-0002",
          "product_id": "CSAFPID-32024"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11012"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12650",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "notes": [
        {
          "category": "description",
          "text": "An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications.",
          "title": "Vulnerability Description"
        },
        {
          "category": "other",
          "text": "This issue can cause a crash of the application.",
          "title": "Impact"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to Firmware 4.7.1 (FW29), Firmware 03.10.11. For the latest Custom Firmware, please contact the WAGO support.",
          "group_ids": [
            "CSAFGID-0002"
          ],
          "product_ids": [
            "CSAFPID-32001",
            "CSAFPID-32002",
            "CSAFPID-32003",
            "CSAFPID-32004",
            "CSAFPID-32005",
            "CSAFPID-32006",
            "CSAFPID-32007",
            "CSAFPID-32008",
            "CSAFPID-32009",
            "CSAFPID-32010",
            "CSAFPID-32011",
            "CSAFPID-32012"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 5.4,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 5.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024"
          ]
        }
      ],
      "title": "CVE-2024-12650"
    }
  ]
}

CVE-2024-12650 (GCVE-0-2024-12650)

Vulnerability from cvelistv5 – Published: 2025-03-05 11:46 – Updated: 2025-03-05 14:12

Title

Wago: Vulnerability in libwagosnmp

Summary

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-252 - Unchecked Return Value

Assigner

CERTVDE

References

URL

Tags

https://cert.vde.com/en/advisories/VDE-2025-004

Impacted products

Vendor

Product

Version

WAGO

CC100 0751-9x01

Affected: 0 , < 04.07.01 (semver)

WAGO	CC100 0751-9x01	Affected: 0 , < 04.07.01 (semver)
WAGO	Edge Controller 0752-8303/8000-0002	Affected: 0 , < 04.07.01 (semver)
WAGO	Edge Controller 0752-8303/8000-0002	Affected: 0 , < 04.07.01 (semver)
WAGO	PFC100 G1 0750-810x/xxxx-xxxx	Affected: 0 , < 3.10.11 (semver)
WAGO	PFC100 G1 0750-810x/xxxx-xxxx	Affected: 0 , < 04.07.01 (semver)
WAGO	PFC100 G2 0750-811x-xxxx-xxxx	Affected: 0 , < 04.07.01 (semver)
WAGO	PFC100 G2 0750-811x-xxxx-xxxx	Affected: 0 , < 04.07.01 (semver)
WAGO	PFC200 G1 750-820x-xxx-xxx	Affected: 0 , < 3.10.11 (semver)
WAGO	PFC200 G1 750-820x-xxx-xxx	Affected: 0 , < 04.07.01 (semver)
WAGO	PFC200 G2 750-821x-xxx-xxx	Affected: 0 , < 04.07.01 (semver)
WAGO	PFC200 G2 750-821x-xxx-xxx	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-420x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-420x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-430x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-430x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-520x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-520x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-530x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-530x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-620x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-620x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-630x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-630x/8000-000x	Affected: 0 , < 04.07.01 (semver)

Credits

Gabriele Quagliarella from Nozomi Networks

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12650",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T14:11:34.419639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T14:12:02.004Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751-9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751-9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Edge Controller 0752-8303/8000-0002",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Edge Controller 0752-8303/8000-0002",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G1 0750-810x/xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "3.10.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G1 0750-810x/xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G2 0750-811x-xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G2 0750-811x-xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G1 750-820x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "3.10.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G1 750-820x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G2 750-821x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G2 750-821x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-420x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-420x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-430x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-430x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-520x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-520x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-530x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-530x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-620x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-620x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-630x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-630x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Gabriele Quagliarella from Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications.\u003c/p\u003e"
            }
          ],
          "value": "An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252 Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-05T11:46:15.486Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2025-004"
        }
      ],
      "source": {
        "advisory": "VDE-2025-004",
        "defect": [
          "CERT@VDE#641731"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Wago: Vulnerability in libwagosnmp",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-12650",
    "datePublished": "2025-03-05T11:46:15.486Z",
    "dateReserved": "2024-12-16T07:37:06.620Z",
    "dateUpdated": "2025-03-05T14:12:02.004Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VDE-2025-004

CVE-2024-12650 (GCVE-0-2024-12650)

Tags

Sightings

Nomenclature