|2018-02-13||Other||WAGO||Reid Wightman of Dragos discovered the vulnerability in the CoDeSys Runtime application. T. Weber of SEC Consult reported this v||N/A||CVE-2018-5459 ||N/A||N/A||N/A|
# WAGO PFC200 Series
### VULNERABLE VENDOR
### VULNERABLE PRODUCT
Reid Wightman of Dragos discovered the vulnerability in the CoDeSys Runtime application. T. Weber of SEC Consult reported this vulnerability to WAGO.
### AFFECTED PRODUCTS
The following 3S CoDeSys Runtime versions of the PFC200 Series are affected:
CoDeSys Version 2.3.X
CoDeSys Version 2.4.X
The affected CoDeSys Runtime version is part of WAGO PFC200 Firmware prior to 02.07.07(10), affected PFC200 devices:
Successful exploitation of this vulnerability could allow a remote attacker unauthorized access to the PLC to perform operations on the file system without authentication.
### VULNERABILITY OVERVIEW
IMPROPER AUTHENTICATION CWE-287
An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455.
An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455.
CVE-2018-5459 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, and Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States, Germany, Switzerland, Poland, China, and India
WAGO released a security patch with FW11 available at: