Sign-up

ID

VAR-201708-0126


CVE

CVE-2015-6472


TITLE

plural WAGO IO Vulnerabilities related to certificate and password management in products

Trust: 0.8

sources: JVNDB: JVNDB-2015-007754

DESCRIPTION

WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. WAGO IO 750-849 , WAGO IO 750-881 ,and WAGO IO 758-870 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO IO PLCs 758-870 and 750-849 are bus editable logic controller modules from WAGO, Germany. There are security bypass vulnerabilities and privilege escalation vulnerabilities in WAGO IO PLC 758-870 and 750-849 versions that allow attackers to execute arbitrary code, bypass security restrictions, and perform unauthorized operations. An attacker could use the default certificate to exploit this vulnerability to gain unauthorized administrator access to the system

Trust: 2.43

sources: NVD: CVE-2015-6472 // JVNDB: JVNDB-2015-007754 // CNVD: CNVD-2016-05504 // IVD: 0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f // VULHUB: VHN-84433

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f // CNVD: CNVD-2016-05504

AFFECTED PRODUCTS

vendor:wagomodel:758-870scope:eqversion:01.01.27

Trust: 1.0

vendor:wagomodel:758-870scope:eqversion:01.02.05

Trust: 1.0

vendor:wagomodel:750-881scope:eqversion:01.02.05

Trust: 1.0

vendor:wagomodel:750-849scope:eqversion:01.01.27

Trust: 1.0

vendor:wagomodel:750-849scope:eqversion:01.02.05

Trust: 1.0

vendor:wagomodel:750-881scope:eqversion:01.01.27

Trust: 1.0

vendor:wagomodel:i/o plc 750-849scope: - version: -

Trust: 0.8

vendor:wagomodel:i/o plc 750-881scope: - version: -

Trust: 0.8

vendor:wagomodel:i/o plc 758-870scope: - version: -

Trust: 0.8

vendor:wagomodel:io plcscope:eqversion:758-870

Trust: 0.6

vendor:wagomodel:io plcscope:eqversion:750-849

Trust: 0.6

vendor:wagomodel:i\/o plc 758-870scope:eqversion:01.02.05

Trust: 0.6

vendor:wagomodel:i\/o plc 758-870scope:eqversion:01.01.27

Trust: 0.6

vendor:wagomodel:i\/o plc 750-881scope:eqversion:01.02.05

Trust: 0.6

vendor:wagomodel:i\/o plc 750-849scope:eqversion:01.02.05

Trust: 0.6

vendor:wagomodel:i\/o plc 750-881scope:eqversion:01.01.27

Trust: 0.6

vendor:wagomodel:i\/o plc 750-849scope:eqversion:01.01.27

Trust: 0.6

vendor:wago i o plc 750 849model: - scope:eqversion:01.01.27

Trust: 0.2

vendor:wago i o plc 750 849model: - scope:eqversion:01.02.05

Trust: 0.2

vendor:wago i o plc 750 881model: - scope:eqversion:01.01.27

Trust: 0.2

vendor:wago i o plc 750 881model: - scope:eqversion:01.02.05

Trust: 0.2

vendor:wago i o plc 758 870model: - scope:eqversion:01.01.27

Trust: 0.2

vendor:wago i o plc 758 870model: - scope:eqversion:01.02.05

Trust: 0.2

sources: IVD: 0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f // CNVD: CNVD-2016-05504 // JVNDB: JVNDB-2015-007754 // CNNVD: CNNVD-201607-390 // NVD: CVE-2015-6472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6472
value: CRITICAL

Trust: 1.0

NVD: CVE-2015-6472
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-05504
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201607-390
value: CRITICAL

Trust: 0.6

IVD: 0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f
value: MEDIUM

Trust: 0.2

VULHUB: VHN-84433
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6472
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-05504
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-84433
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-6472
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f // CNVD: CNVD-2016-05504 // VULHUB: VHN-84433 // JVNDB: JVNDB-2015-007754 // CNNVD: CNNVD-201607-390 // NVD: CVE-2015-6472

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-84433 // JVNDB: JVNDB-2015-007754 // NVD: CVE-2015-6472

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-390

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201607-390

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007754

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-84433

PATCH
title:トップページurl:http://global.wago.com/jp/
Trust: 0.8
title:WAGO IO PLC has multiple vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/79416
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-05504 // 
            
            
            
            JVNDB: JVNDB-2015-007754

EXTERNAL IDS
db:NVDid:CVE-2015-6472
Trust: 3.3
db:PACKETSTORMid:136077
Trust: 2.5
db:BIDid:84138
Trust: 2.3
db:CNNVDid:CNNVD-201607-390
Trust: 0.9
db:CNVDid:CNVD-2016-05504
Trust: 0.8
db:JVNDBid:JVNDB-2015-007754
Trust: 0.8
db:IVDid:0F92EA1A-46D5-4C59-97AA-B0A9D0C1169F
Trust: 0.2
db:VULHUBid:VHN-84433
Trust: 0.1
sources:
            
            
            IVD: 0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f // 
            
            
            
            CNVD: CNVD-2016-05504 // 
            
            
            
            VULHUB: VHN-84433 // 
            
            
            
            JVNDB: JVNDB-2015-007754 // 
            
            
            
            CNNVD: CNNVD-201607-390 // 
            
            
            
            NVD: CVE-2015-6472

REFERENCES
url:http://packetstormsecurity.com/files/136077/wago-io-plc-758-870-750-849-credential-management-privilege-separation.html
Trust: 2.5
url:http://www.securityfocus.com/bid/84138
Trust: 2.3
url:http://seclists.org/fulldisclosure/2016/mar/4
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6472
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-6472
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-05504 // 
            
            
            
            VULHUB: VHN-84433 // 
            
            
            
            JVNDB: JVNDB-2015-007754 // 
            
            
            
            CNNVD: CNNVD-201607-390 // 
            
            
            
            NVD: CVE-2015-6472

CREDITS
Karn Ganeshen
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201607-390

SOURCES
db:IVDid:0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f
db:CNVDid:CNVD-2016-05504
db:VULHUBid:VHN-84433
db:JVNDBid:JVNDB-2015-007754
db:CNNVDid:CNNVD-201607-390
db:NVDid:CVE-2015-6472

LAST UPDATE DATE
2024-11-23T22:38:27.141000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-05504date:2016-07-27T00:00:00
db:VULHUBid:VHN-84433date:2021-07-09T00:00:00
db:JVNDBid:JVNDB-2015-007754date:2017-09-14T00:00:00
db:CNNVDid:CNNVD-201607-390date:2021-07-12T00:00:00
db:NVDid:CVE-2015-6472date:2024-11-21T02:35:02.157

SOURCES RELEASE DATE
db:IVDid:0f92ea1a-46d5-4c59-97aa-b0a9d0c1169fdate:2016-07-27T00:00:00
db:CNVDid:CNVD-2016-05504date:2016-07-27T00:00:00
db:VULHUBid:VHN-84433date:2017-08-22T00:00:00
db:JVNDBid:JVNDB-2015-007754date:2017-09-14T00:00:00
db:CNNVDid:CNNVD-201607-390date:2016-03-01T00:00:00
db:NVDid:CVE-2015-6472date:2017-08-22T18:29:00.233