Sign-up

ID

VAR-201912-0777


CVE

CVE-2019-5078


TITLE

WAGO PFC200 Access Control Error Vulnerability

Trust: 0.8

sources: IVD: 188ecb88-1b7c-4ab4-9617-d7dd2d2084b8 // CNVD: CNVD-2019-46399

DESCRIPTION

An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. WAGO PFC200 has an access control error vulnerability

Trust: 2.34

sources: NVD: CVE-2019-5078 // JVNDB: JVNDB-2019-013746 // CNVD: CNVD-2019-46399 // IVD: 188ecb88-1b7c-4ab4-9617-d7dd2d2084b8

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 188ecb88-1b7c-4ab4-9617-d7dd2d2084b8 // CNVD: CNVD-2019-46399

AFFECTED PRODUCTS

vendor:wagomodel:pfc200scope:eqversion:03.01.07(13)

Trust: 1.4

vendor:wagomodel:pfc200scope:eqversion:03.00.39(12)

Trust: 1.4

vendor:wagomodel:pfc100scope:eqversion:03.00.39(12)

Trust: 1.4

vendor:wagomodel:pfc 100scope:eqversion:03.00.39\(12\)

Trust: 1.0

vendor:wagomodel:pfc 200scope:eqversion:03.00.39\(12\)

Trust: 1.0

vendor:wagomodel:pfc 200scope:eqversion:03.01.07\(13\)

Trust: 1.0

vendor:wagomodel:pfc 200scope:eqversion:03.00.3912

Trust: 0.6

vendor:wagomodel:pfc 100scope:eqversion:03.00.3912

Trust: 0.6

vendor:wagomodel:pfc 200scope:eqversion: -

Trust: 0.6

vendor:wagomodel:pfc 100scope:eqversion: -

Trust: 0.6

vendor:wagomodel:pfc 200scope:eqversion:03.01.0713

Trust: 0.6

vendor:pfc 200model: - scope:eqversion:03.00.39(12)

Trust: 0.2

vendor:pfc 200model: - scope:eqversion:03.01.07(13)

Trust: 0.2

vendor:pfc 100model: - scope:eqversion:03.00.39(12)

Trust: 0.2

sources: IVD: 188ecb88-1b7c-4ab4-9617-d7dd2d2084b8 // CNVD: CNVD-2019-46399 // JVNDB: JVNDB-2019-013746 // CNNVD: CNNVD-201912-733 // NVD: CVE-2019-5078

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5078
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-5078
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-46399
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-733
value: CRITICAL

Trust: 0.6

IVD: 188ecb88-1b7c-4ab4-9617-d7dd2d2084b8
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2019-5078
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-46399
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 188ecb88-1b7c-4ab4-9617-d7dd2d2084b8
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-5078
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-5078
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 188ecb88-1b7c-4ab4-9617-d7dd2d2084b8 // CNVD: CNVD-2019-46399 // JVNDB: JVNDB-2019-013746 // CNNVD: CNNVD-201912-733 // NVD: CVE-2019-5078

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.8

sources: JVNDB: JVNDB-2019-013746 // NVD: CVE-2019-5078

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-733

TYPE

Access control error

Trust: 0.8

sources: IVD: 188ecb88-1b7c-4ab4-9617-d7dd2d2084b8 // CNNVD: CNNVD-201912-733

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013746

PATCH
title:Top Pageurl:https://www.wago.com/us/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-013746

EXTERNAL IDS
db:NVDid:CVE-2019-5078
Trust: 3.2
db:TALOSid:TALOS-2019-0870
Trust: 3.0
db:CNVDid:CNVD-2019-46399
Trust: 0.8
db:CNNVDid:CNNVD-201912-733
Trust: 0.8
db:JVNDBid:JVNDB-2019-013746
Trust: 0.8
db:ICS CERTid:ICSA-20-065-01
Trust: 0.6
db:AUSCERTid:ESB-2020.0842
Trust: 0.6
db:IVDid:188ECB88-1B7C-4AB4-9617-D7DD2D2084B8
Trust: 0.2
sources:
            
            
            IVD: 188ecb88-1b7c-4ab4-9617-d7dd2d2084b8 // 
            
            
            
            CNVD: CNVD-2019-46399 // 
            
            
            
            JVNDB: JVNDB-2019-013746 // 
            
            
            
            CNNVD: CNNVD-201912-733 // 
            
            
            
            NVD: CVE-2019-5078

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2019-0870
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-5078
Trust: 1.4
url:https://www.talosintelligence.com/vulnerability_reports/talos-2019-0870
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5078
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-20-065-01
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.0842/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-46399 // 
            
            
            
            JVNDB: JVNDB-2019-013746 // 
            
            
            
            CNNVD: CNNVD-201912-733 // 
            
            
            
            NVD: CVE-2019-5078

CREDITS
Discovered by Kelly Leuschner of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201912-733

SOURCES
db:IVDid:188ecb88-1b7c-4ab4-9617-d7dd2d2084b8
db:CNVDid:CNVD-2019-46399
db:JVNDBid:JVNDB-2019-013746
db:CNNVDid:CNNVD-201912-733
db:NVDid:CVE-2019-5078

LAST UPDATE DATE
2024-11-23T21:51:49.247000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-46399date:2019-12-20T00:00:00
db:JVNDBid:JVNDB-2019-013746date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-733date:2020-03-10T00:00:00
db:NVDid:CVE-2019-5078date:2024-11-21T04:44:18.513

SOURCES RELEASE DATE
db:IVDid:188ecb88-1b7c-4ab4-9617-d7dd2d2084b8date:2019-12-20T00:00:00
db:CNVDid:CNVD-2019-46399date:2019-12-20T00:00:00
db:JVNDBid:JVNDB-2019-013746date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-733date:2019-12-16T00:00:00
db:NVDid:CVE-2019-5078date:2019-12-18T21:15:14.083