The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00983.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Wago Subscribe
750-330 Subscribe
750-330 Firmware Subscribe
750-352 Subscribe
750-352 Firmware Subscribe
750-829 Subscribe
750-829 Firmware Subscribe
750-830 Subscribe
750-830 Firmware Subscribe
750-831 Subscribe
750-831 Firmware Subscribe
750-849 Subscribe
750-849 Firmware Subscribe
750-852 Subscribe
750-852 Firmware Subscribe
750-871 Subscribe
750-871 Firmware Subscribe
750-872 Subscribe
750-872 Firmware Subscribe
750-873 Subscribe
750-873 Firmware Subscribe
750-880 Subscribe
750-880 Firmware Subscribe
750-881 Subscribe
750-881 Firmware Subscribe
750-882 Subscribe
750-882 Firmware Subscribe
750-884 Subscribe
750-884 Firmware Subscribe
750-885 Subscribe
750-885 Firmware Subscribe
750-889 Subscribe
750-889 Firmware Subscribe

Configuration 1 [-]

AND
cpe:2.3:o:wago:750-830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-830:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:wago:750-849_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-849:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:wago:750-871_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-871:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:wago:750-872_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-872:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:wago:750-873_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-873:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:wago:750-330_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-330:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:wago:750-352_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-352:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:wago:750-884_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-884:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2019-2506 The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://www.securityfocus.com/bid/108482 cve-icon cve-icon
https://cert.vde.com/de-de/advisories/vde-2019-008 cve-icon cve-icon
https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T22:32:01.465Z

Reserved: 2019-04-02T00:00:00

Link: CVE-2019-10712

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-05-07T22:29:00.207

Modified: 2024-11-21T04:19:47.313

Link: CVE-2019-10712

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses