WAGO Multiple Remote Vulnerabilities
BID:51598
Info
| Bugtraq ID: | 51598 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 20 2012 12:00AM |
| Updated: | Jun 19 2012 10:10PM |
| Credit: | Alexandr Polyakov from DSecRG |
| Vulnerable: | WAGO WAGO 758-874 0, WAGO WAGO 750-841 0 |
| Not Vulnerable: | |
Discussion
WAGO is prone to multiple security vulnerabilities, including:
1. A security-bypass vulnerability
2. Multiple information-disclosure vulnerabilities
3. A cross-site request forgery vulnerability
Successful attacks can allow an attacker to obtain sensitive information, bypass certain security restrictions, and perform unauthorized administrative actions.
Exploit / POC
Attackers can use a browser to exploit these issues.
References
- [DSECRG-12-001] WAGO PLC - default passwords [0-day] (Alexandr Polyakov from DSecRG)
- [DSECRG-12-002] WAGO PLC 750 - unauthorized firmware download [0-day] (Digital Security Research Group)
- [DSECRG-12-003] WAGO PLC 750 - information disclosure [0-day] (Digital Security Research Group)
- [DSECRG-12-004] WAGO PLC 750 - CSRF password change [0-day] (Digital Security Research Group)
- Wago Homepage (Wago)
- ICS-ALERT-12-020-07 - WAGO I/O 750 MULTIPLE VULNERABILITIES (ICS-CERT)