CERTVDEVULNRICHMENT:CVE-2015-10123CVE-2015-10123 Wago: Buffer Copy without Checking Size of Input in wbm of multiple products
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device.
ADP Affected
[
{
"cpes": [
"cpe:2.3:o:wago:750-352_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "wago",
"product": "750-352_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "FW13"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "wago",
"product": "750-831_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "FW13"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "wago",
"product": "750-829_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "FW13"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "wago",
"product": "750-852_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "FW13"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "wago",
"product": "750-880_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "FW13"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "wago",
"product": "750-881_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "FW13"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "wago",
"product": "750-882_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "FW13"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "wago",
"product": "750-885_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "FW13"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "wago",
"product": "750-889_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "FW13"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:wago:750-884_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "wago",
"product": "750-884_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "FW13"
}
],
"defaultStatus": "unaffected"
}
]References
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total