Details of VAR-201905-1110

ID

VAR-201905-1110

CVE

CVE-2019-10712

TITLE

WAGO 750-88x Series and WAGO 750-87x Series Trust Management Issue Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-36951 // CNNVD: CNNVD-201904-768

DESCRIPTION

The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. Wago series 750-88x and 750-87x The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO Series 750-88x and 750-87x have a vulnerability in trust management issues. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates and other attacks. Components. Successfully exploiting this issue allows a remote attacker to change the settings or alter the programming of the device. The following versions of Series 750-88x and 750-87x are affected: 750-330 firmware versions prior to FW14 750-352 firmware versions prior to FW14 750-829 firmware versions prior to FW14 750-831 firmware versions prior to FW14 750-852 firmware versions prior to FW14 750-880 firmware versions prior to FW14 750-881 firmware versions prior to FW14 750-882 firmware versions prior to FW14 750-884 firmware versions prior to FW14 750-885 firmware versions prior to FW14 750-889 firmware versions prior to FW14 750-830 firmware versions prior to FW06 750-849 firmware versions prior to FW08 750-871 firmware versions prior to FW11 750-872 firmware versions prior to FW07 750-873 firmware versions prior to FW07

Trust: 2.52

sources: NVD: CVE-2019-10712 // JVNDB: JVNDB-2019-004431 // CNVD: CNVD-2020-36951 // BID: 108482 // VULMON: CVE-2019-10712

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-36951

AFFECTED PRODUCTS

vendor:	wago	model:	750-880	scope:	lt	version:	14	Trust: 1.0
vendor:	wago	model:	750-352	scope:	lt	version:	14	Trust: 1.0
vendor:	wago	model:	750-885	scope:	lt	version:	14	Trust: 1.0
vendor:	wago	model:	750-330	scope:	lt	version:	14	Trust: 1.0
vendor:	wago	model:	750-831	scope:	lt	version:	14	Trust: 1.0
vendor:	wago	model:	750-849	scope:	lt	version:	08	Trust: 1.0
vendor:	wago	model:	750-852	scope:	lt	version:	14	Trust: 1.0
vendor:	wago	model:	750-871	scope:	lt	version:	11	Trust: 1.0
vendor:	wago	model:	750-881	scope:	lt	version:	14	Trust: 1.0
vendor:	wago	model:	750-872	scope:	lt	version:	07	Trust: 1.0
vendor:	wago	model:	750-829	scope:	lt	version:	14	Trust: 1.0
vendor:	wago	model:	750-884	scope:	lt	version:	14	Trust: 1.0
vendor:	wago	model:	750-873	scope:	lt	version:	07	Trust: 1.0
vendor:	wago	model:	750-889	scope:	lt	version:	14	Trust: 1.0
vendor:	wago	model:	750-830	scope:	lt	version:	06	Trust: 1.0
vendor:	wago	model:	750-882	scope:	lt	version:	14	Trust: 1.0
vendor:	wago	model:	750-330	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	750-352	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	750-829	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	750-830	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	750-831	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	750-849	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	750-852	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	750-871	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	750-872	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	750-873	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	<fw14	scope:	eq	version:	750-330	Trust: 0.6
vendor:	wago	model:	<fw14	scope:	eq	version:	750-352	Trust: 0.6
vendor:	wago	model:	<fw14	scope:	eq	version:	750-829	Trust: 0.6
vendor:	wago	model:	<fw14	scope:	eq	version:	750-831	Trust: 0.6
vendor:	wago	model:	<fw14	scope:	eq	version:	750-852	Trust: 0.6
vendor:	wago	model:	<fw14	scope:	eq	version:	750-880	Trust: 0.6
vendor:	wago	model:	<fw14	scope:	eq	version:	750-881	Trust: 0.6
vendor:	wago	model:	<fw14	scope:	eq	version:	750-882	Trust: 0.6
vendor:	wago	model:	<fw14	scope:	eq	version:	750-884	Trust: 0.6
vendor:	wago	model:	<fw14	scope:	eq	version:	750-885	Trust: 0.6
vendor:	wago	model:	<fw14	scope:	eq	version:	750-889	Trust: 0.6
vendor:	wago	model:	<fw06	scope:	eq	version:	750-830	Trust: 0.6
vendor:	wago	model:	<fw08	scope:	eq	version:	750-849	Trust: 0.6
vendor:	wago	model:	<fw11	scope:	eq	version:	750-871	Trust: 0.6
vendor:	wago	model:	<fw07	scope:	eq	version:	750-872	Trust: 0.6
vendor:	wago	model:	<fw07	scope:	eq	version:	750-873	Trust: 0.6
vendor:	wago	model:	series	scope:	eq	version:	750-8890	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8850	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8840	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8820	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8810	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8800	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8730	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8720	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8710	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8520	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8490	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8310	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8300	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-8290	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-3520	Trust: 0.3
vendor:	wago	model:	series	scope:	eq	version:	750-3300	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-88914	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-88514	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-88414	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-88214	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-88114	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-88014	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-87307	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-87207	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-87111	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-85214	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-84908	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-83114	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-83006	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-82914	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-35214	Trust: 0.3
vendor:	wago	model:	series	scope:	ne	version:	750-33014	Trust: 0.3

sources: CNVD: CNVD-2020-36951 // BID: 108482 // JVNDB: JVNDB-2019-004431 // NVD: CVE-2019-10712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10712
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-10712
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-36951
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201904-768
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2019-10712
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-10712
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-36951
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-10712
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2020-36951 // VULMON: CVE-2019-10712 // JVNDB: JVNDB-2019-004431 // CNNVD: CNNVD-201904-768 // NVD: CVE-2019-10712

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2019-004431 // NVD: CVE-2019-10712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-768

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201904-768

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004431

PATCH

title:	トップページ	url:	http://global.wago.com/jp/	Trust: 0.8
title:	Patch for WAGO 750-88x Series and WAGO 750-87x Series Trust Management Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/225033	Trust: 0.6
title:	WAGO 750-88x Series and WAGO 750-87x Series Repair measures for trust management problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91566	Trust: 0.6

sources: CNVD: CNVD-2020-36951 // JVNDB: JVNDB-2019-004431 // CNNVD: CNNVD-201904-768

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10712	Trust: 3.4
db:	CERT@VDE	id:	VDE-2019-008	Trust: 2.5
db:	ICS CERT	id:	ICSA-19-106-02	Trust: 2.4
db:	BID	id:	108482	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-004431	Trust: 0.8
db:	CNVD	id:	CNVD-2020-36951	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1311	Trust: 0.6
db:	CNNVD	id:	CNNVD-201904-768	Trust: 0.6
db:	VULMON	id:	CVE-2019-10712	Trust: 0.1

sources: CNVD: CNVD-2020-36951 // VULMON: CVE-2019-10712 // BID: 108482 // JVNDB: JVNDB-2019-004431 // CNNVD: CNNVD-201904-768 // NVD: CVE-2019-10712

REFERENCES

url:	http://www.securityfocus.com/bid/108482	Trust: 3.0
url:	https://cert.vde.com/de-de/advisories/vde-2019-008	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10712	Trust: 1.4
url:	https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d%40%3ccommits.cassandra.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2%40%3ccommits.cassandra.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25%40%3ccommits.cassandra.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf%40%3ccommits.cassandra.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1%40%3ccommits.cassandra.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e%40%3ccommits.cassandra.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a%40%3ccommits.cassandra.apache.org%3e	Trust: 1.1
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-106-02	Trust: 1.0
url:	http://www.wago.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10712	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-19-106-02	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-19-106-02	Trust: 0.6
url:	https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25@%3ccommits.cassandra.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1@%3ccommits.cassandra.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d@%3ccommits.cassandra.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a@%3ccommits.cassandra.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e@%3ccommits.cassandra.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2@%3ccommits.cassandra.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf@%3ccommits.cassandra.apache.org%3e	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/79170	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-36951 // VULMON: CVE-2019-10712 // BID: 108482 // JVNDB: JVNDB-2019-004431 // CNNVD: CNNVD-201904-768 // NVD: CVE-2019-10712

CREDITS

J??rn Schneeweisz/Recurity Labs,Reported by J?rn Schneeweisz/Recurity Labs to CERT-Bund coordinated by CERT@VDE with NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201904-768

SOURCES

db:	CNVD	id:	CNVD-2020-36951
db:	VULMON	id:	CVE-2019-10712
db:	BID	id:	108482
db:	JVNDB	id:	JVNDB-2019-004431
db:	CNNVD	id:	CNNVD-201904-768
db:	NVD	id:	CVE-2019-10712

LAST UPDATE DATE

2024-11-23T23:08:24.457000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-36951	date:	2020-07-09T00:00:00
db:	VULMON	id:	CVE-2019-10712	date:	2023-11-07T00:00:00
db:	BID	id:	108482	date:	2019-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2019-004431	date:	2019-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201904-768	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-10712	date:	2024-11-21T04:19:47.313

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-36951	date:	2020-07-09T00:00:00
db:	VULMON	id:	CVE-2019-10712	date:	2019-05-07T00:00:00
db:	BID	id:	108482	date:	2019-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2019-004431	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201904-768	date:	2019-04-16T00:00:00
db:	NVD	id:	CVE-2019-10712	date:	2019-05-07T22:29:00.207