CVE-2018-5459
https://notcve.org/view.php?id=CVE-2018-5459
An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455. Se ha descubierto un problema de autenticación indebida en WAGO PFC200 Series 3S CoDeSys Runtime, versiones 2.3.X y 2.4.X. Un atacante puede ejecutar diferentes operaciones remotas sin autenticación gracias a la aplicación CoDeSys Runtime, que está disponible en red por defecto en el puerto 2455. • https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01 • CWE-287: Improper Authentication •
CVE-2016-9362
https://notcve.org/view.php?id=CVE-2016-9362
An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. Ha sido descubierto un problema en WAGO 750-8202/PFC200 anterior a FW04 (publicado en agosto de 2015), WAGO 750-881 anterior a FW09 (publicado en agosto de 2016) y WAGO 0758-0874-0000-0111. Accediendo a un localizador de recursos uniforme (URL) específico en el servidor web, un usuario malicioso puede editar y ver la configuración sin autenticarse. • http://www.securityfocus.com/bid/95074 https://ics-cert.us-cert.gov/advisories/ICSA-16-357-02 • CWE-287: Improper Authentication •