Backdoor accounts in WAGO Industrial Managed Switches
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2019-12550 CVE-2019-12549 |
| CWE-ID | CWE-798 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
WAGO Industrial Managed Switch 852-1505 Hardware solutions / Routers & switches, VoIP, GSM, etc WAGO Industrial Managed Switch 852-1305 Hardware solutions / Routers & switches, VoIP, GSM, etc WAGO Industrial Managed Switch 852-303 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | WAGO |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Use of hard-coded credentials
EUVDB-ID: #VU18795
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-12550
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected device using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWAGO Industrial Managed Switch 852-1505: before 1.1.5.S0
WAGO Industrial Managed Switch 852-1305: before 1.1.6.S0
WAGO Industrial Managed Switch 852-303: before 1.2.2.S0
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-19-164-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of hard-coded credentials
EUVDB-ID: #VU18796
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-12549
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded SSH key that cannot be regenerated. A remote unauthenticated attacker with access to the key can compromise the affected device.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWAGO Industrial Managed Switch 852-1505: before 1.1.5.S0
WAGO Industrial Managed Switch 852-1305: before 1.1.6.S0
WAGO Industrial Managed Switch 852-303: before 1.2.2.S0
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-19-164-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
