Authentication bypass in WAGO products - CVE-2018-5459
Published: February 14, 2018
Vulnerability identifier: #VU10574
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-5459
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: WAGO
Affected software:
WAGO PFC200 Series 750-8208/025-000
WAGO PFC200 Series 750-8208
WAGO PFC200 Series 750-8207/025-001
WAGO PFC200 Series 750-8207/025-000
WAGO PFC200 Series 750-8207
WAGO PFC200 Series 750-8206/025-001
WAGO PFC200 Series 750-8206/025-000
WAGO PFC200 Series 750-8206
WAGO PFC200 Series 750-8204/025-000
WAGO PFC200 Series 750-8204
WAGO PFC200 Series 750-8203/025-000
WAGO PFC200 Series 750-8203
WAGO PFC200 Series 750-8202/040-001
WAGO PFC200 Series 750-8202/025-002
WAGO PFC200 Series 750-8202/025-001
WAGO PFC200 Series 750-8202/025-000
WAGO PFC200 Series 750-8202
WAGO PFC200 Series 750-8208/025-000
WAGO PFC200 Series 750-8208
WAGO PFC200 Series 750-8207/025-001
WAGO PFC200 Series 750-8207/025-000
WAGO PFC200 Series 750-8207
WAGO PFC200 Series 750-8206/025-001
WAGO PFC200 Series 750-8206/025-000
WAGO PFC200 Series 750-8206
WAGO PFC200 Series 750-8204/025-000
WAGO PFC200 Series 750-8204
WAGO PFC200 Series 750-8203/025-000
WAGO PFC200 Series 750-8203
WAGO PFC200 Series 750-8202/040-001
WAGO PFC200 Series 750-8202/025-002
WAGO PFC200 Series 750-8202/025-001
WAGO PFC200 Series 750-8202/025-000
WAGO PFC200 Series 750-8202
Detailed vulnerability description
The vulnerability allows a remote attacker can bypass authentication on the target system.
The weakness exists due improper authentication. A remote attacker can send specially-crafted TCP packets to Port 2455, bypass authentication, execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due improper authentication. A remote attacker can send specially-crafted TCP packets to Port 2455, bypass authentication, execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2018-5459
Install update from vendor's website.