CVE-2016-9362

Summary

CVE	CVE-2016-9362
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-02-13 21:59:00 UTC
Updated	2017-06-28 14:08:00 UTC
Description	An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating.

Risk And Classification

Problem Types: CWE-287

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Wago	750-8202	-	All	All	All
Hardware	Wago	750-8202	-	All	All	All
Hardware	Wago	750-881	-	All	All	All
Hardware	Wago	750-881	-	All	All	All
Operating System	Wago	750-xxxx Series Firmware	-	All	All	All
Operating System	Wago	750-xxxx Series Firmware	-	All	All	All
Hardware	Wago	758-874-0000-0111	-	All	All	All
Hardware	Wago	758-874-0000-0111	-	All	All	All
Operating System	Wago	758-xxxx Series Firmware	-	All	All	All
Operating System	Wago	758-xxxx Series Firmware	-	All	All	All
Hardware	Wago	Pfc200	-	All	All	All
Hardware	Wago	Pfc200	-	All	All	All
Operating System	Wago	Pfc200 Firmware	-	All	All	All
Operating System	Wago	Pfc200 Firmware	-	All	All	All

References

Reference	Source	Link	Tags
Multiple WAGO Products CVE-2016-9362 Authentication Bypass Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
WAGO Ethernet Web-based Management Authentication Bypass Vulnerability \| ICS-CERT	MISC	ics-cert.us-cert.gov	Third Party Advisory, US Government Resource
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590460 WAGO Ethernet Web-based Management Authentication Bypass Vulnerability Vulnerability (ICSA-16-357-02)