CVE-2018-5459
First published: Tue Feb 13 2018(Updated: )
An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WAGO PFC200 Firmware | <02.07.07\(10\) | |
| WAGO 750-8202 | ||
| Wago 750-8202\/025-000 | ||
| Wago 750-8202\/025-001 | ||
| Wago 750-8202\/025-002 | ||
| Wago 750-8202\/040-001 | ||
| Wago 750-8203 | ||
| Wago 750-8203\/025-000 | ||
| Wago 750-8204 | ||
| Wago 750-8204\/025-000 | ||
| Wago 750-8206 | ||
| Wago 750-8206\/025-000 | ||
| Wago 750-8206\/025-001 | ||
| Wago 750-8207 | ||
| Wago 750-8207\/025-000 | ||
| Wago 750-8207\/025-001 | ||
| Wago 750-8208 | ||
| Wago 750-8208\/025-000 | ||
| WAGO PFC200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-5459?
The severity of CVE-2018-5459 is critical with a score of 9.8 out of 10.
What is the affected software for CVE-2018-5459?
The affected software for CVE-2018-5459 includes WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X.
What is the vulnerability description of CVE-2018-5459?
CVE-2018-5459 is an Improper Authentication issue in WAGO PFC200 Series 3S CoDeSys Runtime which allows an attacker to execute unauthenticated remote operations.
What is the reference link for CVE-2018-5459?
For more information about CVE-2018-5459, you can refer to the advisory issued by the ICS-CERT.
How can I fix CVE-2018-5459?
To fix CVE-2018-5459, it is recommended to update to the latest version of WAGO PFC200 Series 3S CoDeSys Runtime.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/wago
- canonical/wago pfc200 firmware
- canonical/wago 750-8202
- canonical/wago 750-8202\/025-000
- canonical/wago 750-8202\/025-001
- canonical/wago 750-8202\/025-002
- canonical/wago 750-8202\/040-001
- canonical/wago 750-8203
- canonical/wago 750-8203\/025-000
- canonical/wago 750-8204
- canonical/wago 750-8204\/025-000
- canonical/wago 750-8206
- canonical/wago 750-8206\/025-000
- canonical/wago 750-8206\/025-001
- canonical/wago 750-8207
- canonical/wago 750-8207\/025-000
- canonical/wago 750-8207\/025-001
- canonical/wago 750-8208
- canonical/wago 750-8208\/025-000
- canonical/wago pfc200