CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-9362
https://notcve.org/view.php?id=CVE-2016-9362
An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. Ha sido descubierto un problema en WAGO 750-8202/PFC200 anterior a FW04 (publicado en agosto de 2015), WAGO 750-881 anterior a FW09 (publicado en agosto de 2016) y WAGO 0758-0874-0000-0111. Accediendo a un localizador de recursos uniforme (URL) específico en el servidor web, un usuario malicioso puede editar y ver la configuración sin autenticarse. • http://www.securityfocus.com/bid/95074 https://ics-cert.us-cert.gov/advisories/ICSA-16-357-02 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 2CVE-2015-6472 – WAGO IO PLC 758-870 / 750-849 Credential Management / Privilege Separation
https://notcve.org/view.php?id=CVE-2015-6472
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. WAGO IO 750-849 01.01.27 y 01.02.05, WAGO IO 750-881, y WAGO IO 758-870 tienen una gestión de credenciales débil. WAGO IO PLC versions 758-870 and 750-849 suffer from weak credential management, lack of privilege separation, insecure ftp configuration, and weak filesystem permissions. • http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html http://seclists.org/fulldisclosure/2016/Mar/4 http://www.securityfocus.com/bid/84138 • CWE-255: Credentials Management Errors •