CVSS: 9.8EPSS: 1%CPEs: 19EXPL: 0CVE-2018-5459
https://notcve.org/view.php?id=CVE-2018-5459
13 Feb 2018 — An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455. Se ha descubie... • https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-9362
https://notcve.org/view.php?id=CVE-2016-9362
13 Feb 2017 — An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. Ha sido descubierto un problema en WAGO 750-8202/PFC200 anterior a FW04 (publicado en agosto de 2015), WAGO 750-881 anterior a FW09 (publicado en agosto de 2016) y WAGO 0758-0874-0000-0111. Acc... • http://www.securityfocus.com/bid/95074 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 3CVE-2015-6472 – WAGO IO PLC 758-870 / 750-849 Credential Management / Privilege Separation
https://notcve.org/view.php?id=CVE-2015-6472
04 Mar 2016 — WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. WAGO IO 750-849 01.01.27 y 01.02.05, WAGO IO 750-881, y WAGO IO 758-870 tienen una gestión de credenciales débil. WAGO IO PLC versions 758-870 and 750-849 suffer from weak credential management, lack of privilege separation, insecure ftp configuration, and weak filesystem permissions. • https://packetstorm.news/files/id/136077 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 3CVE-2015-6473 – WAGO IO PLC 758-870 / 750-849 Credential Management / Privilege Separation
https://notcve.org/view.php?id=CVE-2015-6473
04 Mar 2016 — WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. WAGO IO 750-849 01.01.27 y WAGO IO 750-881 01.02.05 no contienen separación de privilegios. WAGO IO PLC versions 758-870 and 750-849 suffer from weak credential management, lack of privilege separation, insecure ftp configuration, and weak filesystem permissions. • https://packetstorm.news/files/id/136077 • CWE-254: 7PK - Security Features •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4879
https://notcve.org/view.php?id=CVE-2012-4879
07 Sep 2012 — The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. La Consola Linux en WAGO I/O System 758 modelo 758-870, 758-874, y 758-875 I... • http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-02.pdf • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2012-3013
https://notcve.org/view.php?id=CVE-2012-3013
07 Sep 2012 — WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session. WAGO I/O System 758 modelo 758-870, 758-874, y 758-875 Industrial PC (IPC), tiene contraseñas por defecto para cuentas de gestión vía web no especificadas, lo que hace más sencillo a atacantes remotos obtener acceso administrativo a través de una sesión T... • http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-02.pdf • CWE-255: Credentials Management Errors •