WAGO: Cloud Connectivity Multiple Vulnerabilities

The Cloud Connectivity of the WAGO PLCs is used to connect the device with the cloud services from different providers. It also supports maintenance functionality with the firmware update function from the WAGO cloud.
An attacker needs an authorized login with administrative privileges on the device in order to exploit the mentioned vulnerabilities.


CVE-2019-5160: 9.1
CVE-2019-5156: 7.2
CVE-2019-5157: 7.2
CVE-2019-5155: 7.2

WAGO: Web-Based Management Denial of Service

The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for commissioning and update. The controller is an embedded device which has limited resources. The vulnerability described here takes advantage of this fact.
With special crafted requests it is possible to have a denial of service of the WBM.


CVE-2019-5149: 7.5

WAGO: Web-Based Management Authentication Vulnerabilities

With special crafted requests it is possible to get sensitive information, in this case the password hashes, by measuring response delay. With a substantial amount of time this data can be used to calculate the passwords of the Web-Based Management users. In case of CVE 2019-5134 , the password salt can also be extracted.


CVE-2019-5134: 7.5
CVE-2019-5135: 5.3

WAGO: e!Cockpit cleartext communication and hardcoded key

The communication between e!Cockpit and the programmable logic controller is not encrypted. The broken cryptographic algorithm allows an attacker to decode the password for the e!Cockpit communication and with this to manipulate the application.

The password used by e!Cockpit for authentication against the PLC is encrypted with a hard- coded key. An attacker is able to decrypt the password by listening to the network traffic.


CVE-2019-5107: 7.5
CVE-2019-5106: 5.5

WAGO: Multiple Vulnerabilities in I/O-Check Service in Multiple Devices

The reported vulnerabilities allow a remote attacker to change the setting, delete the application, set the device to factory defaults, code execution and to cause a system crash or denial of service.

Note(s)

The following products are affected by the listed vulnerabilities:

Series PFC100 (750-81xx/xxx-xxx)
Series PFC200 (750-82xx/xxx-xxx)

The following products are affected by the vulnerability CVE-2019-5078

750-852, 750-831/xxx-xxx, 750-881, 750-880/xxx-xxx, 750-889
750-823, 750-832/xxx-xxx, 750-862, 750-890/xxx-xxx, 750-891

 


CVE-2019-5075: 9.8
CVE-2019-5081: 9.8
CVE-2019-5079: 9.8
CVE-2019-5082: 9.8
CVE-2019-5074: 9.8
CVE-2019-5078: 9.1
CVE-2019-5073: 5.3

WAGO: Series PFC100/PFC200 Information Disclosure

The reported vulnerability allows a remote attacker to check paths and file names that are used in filesystem operations.

Update, 18.9.2019, 18:30

  • fixed typo in modelname, replaced PCF with PFC


CVE-2019-18202: 5.3

WAGO: Multiple Vulnerabilities in industrial managed switches

Multiple vulnerabilities have been identified in WAGO 852-303, 852-1305 and 852-1505 industrial managed ethernet switches.


CVE-2015-0235: 10.0
CVE-2014-9761: 9.8
CVE-2019-12549: 9.8
CVE-2016-2148: 9.8
CVE-2019-12550: 9.8
CVE-2014-9984: 9.8
CVE-2017-16544: 8.8
CVE-2014-9402: 7.8
CVE-2015-1472: 7.5
CVE-2016-6301: 7.5
CVE-2011-5325: 7.5
CVE-2016-2147: 7.5
CVE-2014-4043: 7.5
CVE-2012-4412: 7.5
CVE-2010-0296: 7.2
CVE-2013-1813: 7.2
CVE-2010-3856: 7.2
CVE-2011-2716: 6.8
CVE-2015-9261: 5.5

WAGO: 750-8xx Controller Denial of Service

The 750-8xx controller are susceptible to a Denial-of-Service attack due to a flood of network packets.

Please consult the original paper for details (link at the bottom of this advisory).


no CVE assigned

Feeds

By Vendor

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0