Sign-up

ID

VAR-201802-1047


CVE

CVE-2018-5459


TITLE

WAGO PFC200 series 3S CoDeSys Runtime Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002446

DESCRIPTION

An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455. WAGO PFC200 series 3S CoDeSys Runtime Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a bus editable logic controller module from WAGO, Germany

Trust: 2.43

sources: NVD: CVE-2018-5459 // JVNDB: JVNDB-2018-002446 // CNVD: CNVD-2018-03481 // IVD: e2e3edcf-39ab-11e9-a1cc-000c29342cb1 // VULMON: CVE-2018-5459

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2e3edcf-39ab-11e9-a1cc-000c29342cb1 // CNVD: CNVD-2018-03481

AFFECTED PRODUCTS

vendor:wagomodel:pfc200scope:ltversion:02.07.07\(10\)

Trust: 1.0

vendor:wagomodel:pfc200scope: - version: -

Trust: 0.8

vendor:wagomodel:pfc200 series 3s codesys runtimescope:eqversion:2.3.x

Trust: 0.6

vendor:wagomodel:pfc200 series 3s codesys runtimescope:eqversion:2.4.x

Trust: 0.6

vendor:pfc200model: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2e3edcf-39ab-11e9-a1cc-000c29342cb1 // CNVD: CNVD-2018-03481 // JVNDB: JVNDB-2018-002446 // NVD: CVE-2018-5459

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5459
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5459
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-03481
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201802-950
value: CRITICAL

Trust: 0.6

IVD: e2e3edcf-39ab-11e9-a1cc-000c29342cb1
value: CRITICAL

Trust: 0.2

VULMON: CVE-2018-5459
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5459
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-03481
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e3edcf-39ab-11e9-a1cc-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-5459
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e3edcf-39ab-11e9-a1cc-000c29342cb1 // CNVD: CNVD-2018-03481 // VULMON: CVE-2018-5459 // JVNDB: JVNDB-2018-002446 // CNNVD: CNNVD-201802-950 // NVD: CVE-2018-5459

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-002446 // NVD: CVE-2018-5459

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-950

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201802-950

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002446

PATCH
title:Top Pageurl:http://global.wago.com/jp/
Trust: 0.8
title:WAGO PFC200 Series Patch for Incorrect Authentication Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/117903
Trust: 0.6
title:WAGO PFC200 Series 3S CoDeSys Runtime Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100278
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-03481 // 
            
            
            
            JVNDB: JVNDB-2018-002446 // 
            
            
            
            CNNVD: CNNVD-201802-950

EXTERNAL IDS
db:NVDid:CVE-2018-5459
Trust: 3.3
db:ICS CERTid:ICSA-18-044-01
Trust: 3.1
db:CNVDid:CNVD-2018-03481
Trust: 0.8
db:CNNVDid:CNNVD-201802-950
Trust: 0.8
db:JVNDBid:JVNDB-2018-002446
Trust: 0.8
db:IVDid:E2E3EDCF-39AB-11E9-A1CC-000C29342CB1
Trust: 0.2
db:VULMONid:CVE-2018-5459
Trust: 0.1
sources:
            
            
            IVD: e2e3edcf-39ab-11e9-a1cc-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-03481 // 
            
            
            
            VULMON: CVE-2018-5459 // 
            
            
            
            JVNDB: JVNDB-2018-002446 // 
            
            
            
            CNNVD: CNNVD-201802-950 // 
            
            
            
            NVD: CVE-2018-5459

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-044-01
Trust: 3.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5459
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5459
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=56812
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-03481 // 
            
            
            
            VULMON: CVE-2018-5459 // 
            
            
            
            JVNDB: JVNDB-2018-002446 // 
            
            
            
            CNNVD: CNNVD-201802-950 // 
            
            
            
            NVD: CVE-2018-5459

SOURCES
db:IVDid:e2e3edcf-39ab-11e9-a1cc-000c29342cb1
db:CNVDid:CNVD-2018-03481
db:VULMONid:CVE-2018-5459
db:JVNDBid:JVNDB-2018-002446
db:CNNVDid:CNNVD-201802-950
db:NVDid:CVE-2018-5459

LAST UPDATE DATE
2024-11-23T22:34:20.209000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-03481date:2018-02-26T00:00:00
db:VULMONid:CVE-2018-5459date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-002446date:2018-04-12T00:00:00
db:CNNVDid:CNNVD-201802-950date:2019-10-17T00:00:00
db:NVDid:CVE-2018-5459date:2024-11-21T04:08:50.547

SOURCES RELEASE DATE
db:IVDid:e2e3edcf-39ab-11e9-a1cc-000c29342cb1date:2018-02-26T00:00:00
db:CNVDid:CNVD-2018-03481date:2018-02-26T00:00:00
db:VULMONid:CVE-2018-5459date:2018-02-13T00:00:00
db:JVNDBid:JVNDB-2018-002446date:2018-04-12T00:00:00
db:CNNVDid:CNNVD-201802-950date:2018-02-13T00:00:00
db:NVDid:CVE-2018-5459date:2018-02-13T21:29:00.207