SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-817962389] WAGO PFC200 Series

Date: 2018-02-13
Type: Other
Platform: WAGO
Author: Reid Wightman of Dragos discovered the vulnerability in the CoDeSys Runtime application. T. Weber of SEC Consult reported this v
EDB-ID: N/A
CVE-ID: CVE-2018-5459
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# WAGO PFC200 Series
#


### VULNERABLE VENDOR
WAGO


### VULNERABLE PRODUCT
PFC200 Series 


### RESEARCHER
Reid Wightman of Dragos discovered the vulnerability in the CoDeSys Runtime application. T. Weber of SEC Consult reported this vulnerability to WAGO.


### AFFECTED PRODUCTS
The following 3S CoDeSys Runtime versions of the PFC200 Series are affected:

CoDeSys Version 2.3.X
CoDeSys Version 2.4.X

The affected CoDeSys Runtime version is part of WAGO PFC200 firmware prior to 02.07.07(10). Affected PFC200 devices:

750-8202,
750-8202/025-000,
750-8202/025-001,
750-8202/025-002,
750-8202/040-001,
750-8203,
750-8203/025-000,
750-8204,
750-8204/025-000,
750-8206,
750-8206/025-000,
750-8206/025-001,
750-8207,
750-8207/025-000,
750-8207/025-001,
750-8208, and
750-8208/025-000



### IMPACT
Successful exploitation of this vulnerability could allow a remote attacker unauthorized access to the PLC to perform operations on the file system without authentication.


### VULNERABILITY OVERVIEW
IMPROPER AUTHENTICATION CWE-287
The CoDeSys Runtime application is reachable over the network by default on port 2455 and lets an attacker perform various remote operations without authentication.
By sending specially crafted TCP packets to port 2455, an attacker could execute unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime.
CVE-2018-5459 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).





### BACKGROUND
Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, and Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States, Germany, Switzerland, Poland, China, and India




### MITIGATION

WAGO released a security patch with FW11 available at:

http://global.wago.com/media/2_products/security/Sec-Advisory_CoDeSys.pdf
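
To find the devices that still need this patch, an asset inventory can be checked against the affected order numbers and the firmware threshold listed above. The following is an added example, not part of the original advisory or WAGO tooling; the inventory record layout, the hostnames and sample versions, and the assumption that firmware strings in the `NN.NN.NN(NN)` form compare field by field are all assumptions made for illustration.

```python
import re

# Affected order numbers, copied from the advisory's device list.
AFFECTED_MODELS = {
    "750-8202", "750-8202/025-000", "750-8202/025-001", "750-8202/025-002",
    "750-8202/040-001", "750-8203", "750-8203/025-000", "750-8204",
    "750-8204/025-000", "750-8206", "750-8206/025-000", "750-8206/025-001",
    "750-8207", "750-8207/025-000", "750-8207/025-001", "750-8208",
    "750-8208/025-000",
}
FIRST_UNAFFECTED = "02.07.07(10)"  # advisory: firmware prior to this is affected
_FW_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\((\d+)\)\s*$")


def parse_firmware(text):
    """Turn 'NN.NN.NN(NN)' into a comparable tuple of ints, or None if unparseable."""
    m = _FW_RE.match(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def triage(asset):
    """Classify one inventory record as 'affected', 'not_affected' or 'unknown'."""
    model = (asset.get("model") or "").strip()
    if model not in AFFECTED_MODELS:
        return "not_affected"  # order number is not in this advisory's list
    fw = parse_firmware(asset.get("firmware"))
    if fw is None:
        return "unknown"  # listed model, unreadable version: verify by hand
    # Assumption: the four numeric fields order left to right.
    return "affected" if fw < parse_firmware(FIRST_UNAFFECTED) else "not_affected"


# Constructed sample inventory (hostnames, versions and 750-0000 are made up).
INVENTORY = [
    {"host": "plc-line1", "model": "750-8202", "firmware": "02.06.20(09)"},
    {"host": "plc-line2", "model": "750-8206/025-001", "firmware": "02.07.07(10)"},
    {"host": "plc-pump3", "model": "750-8208", "firmware": "FW9"},
    {"host": "plc-hvac4", "model": "750-0000", "firmware": "01.00.00(01)"},
]

def report(inventory):
    return {a["host"]: triage(a) for a in inventory}

if __name__ == "__main__":
    for host, verdict in report(INVENTORY).items():
        print(f"{host}: {verdict}")
```

Records that come back as `unknown` are listed models whose firmware string could not be parsed, so they should be treated as affected until the version is confirmed on the device.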