• 1
  • 2 (current)

WAGO: Web-Based Management Denial of Service

The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for commissioning and update. The controller is an embedded device which has limited resources. The vulnerability described here takes advantage of this fact.
With special crafted requests it is possible to have a denial of service of the WBM.



With special crafted requests it is possible to get sensitive information, in this case the password hashes, by measuring response delay. With a substantial amount of time this data can be used to calculate the passwords of the Web-Based Management users. In case of CVE 2019-5134 , the password salt can also be extracted.



The communication between e!Cockpit and the programmable logic controller is not encrypted. The broken cryptographic algorithm allows an attacker to decode the password for the e!Cockpit communication and with this to manipulate the application.

The password used by e!Cockpit for authentication against the PLC is encrypted with a hard- coded key. An attacker is able to decrypt the password by listening to the network traffic.



Multiple Vulnerabilities exist in components used by the aforementioned products. See CVE-Details for more information.



  • 1
  • 2 (current)

Feeds

Nach Hersteller

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0