CVSS: 9.8EPSS: 7%CPEs: 32EXPL: 0CVE-2019-10712
https://notcve.org/view.php?id=CVE-2019-10712
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. Los dispositivos Web-GUI de las series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) y 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) de WAGO disponen de acceso a servicios no documentados. • http://www.securityfocus.com/bid/108482 https://cert.vde.com/de-de/advisories/vde-2019-008 https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e&# • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2019-10953
https://notcve.org/view.php?id=CVE-2019-10953
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. En Controladores lógicos programables de ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - , versiones múltiples. Los investigadores han encontrado que algunos controladores son susceptibles a un ataque de Denegación de Servicio (DoS) debido a una inundación de paquetes de red. • http://www.securityfocus.com/bid/108413 https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2018-16210
https://notcve.org/view.php?id=CVE-2018-16210
WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. Los dispositivos controladores Ethernet WAGO 750-88X y WAGO 750-89X, versiones 01.09.18 (13) y anteriores, tienen XSS en la configuración SNMP a traves del archivo webserv/cplcfg/snmp.ssi en los campos SNMP_DESC o SNMP_LOC_SNMP_CONT. • https://www.exploit-db.com/exploits/45581 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 3CVE-2018-12980 – WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-12980
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server. Se ha descubierto un problema en dispositivos WAGO e!DISPLAY 762-3000 hasta el 762-3003 con firmware en versiones anteriores a la FW 02. • https://www.exploit-db.com/exploits/45014 http://seclists.org/fulldisclosure/2018/Jul/38 https://cert.vde.com/en-us/advisories/vde-2018-010 https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02 https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 3CVE-2018-12979 – WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-12979
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM. Se ha descubierto un problema en dispositivos WAGO e!DISPLAY 762-3000 hasta el 762-3003 con firmware en versiones anteriores a la FW 02. • https://www.exploit-db.com/exploits/45014 http://seclists.org/fulldisclosure/2018/Jul/38 https://cert.vde.com/en-us/advisories/vde-2018-010 https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02 https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU • CWE-732: Incorrect Permission Assignment for Critical Resource •