{"containers": {"cna": {"affected": [{"product": "750-331/xxx-xxx", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW1<=FW10"}]}, {"product": "750-352", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW1<=FW10"}]}, {"product": "750-829", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW1<=FW10"}]}, {"product": "750-831/xxx-xxx", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW1<=FW10"}]}, {"product": "750-852", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW1<=FW10"}]}, {"product": "750-880/xxx-xxx", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW1<=FW10"}]}, {"product": "750-881", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW1<=FW10"}]}, {"product": "750-882", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW1<=FW10"}]}, {"product": "750-885", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW1<=FW10"}]}, {"product": "750-889", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW1<=FW10"}]}], "credits": [{"lang": "en", "value": "These vulnerabilities were reported to WAGO by: William Knowles, Applied Risk. Coordination done by CERT@VDE."}], "datePublic": "2020-12-09T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-22T21:14:49.000Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2020-042"}], "solutions": [{"lang": "en", "value": "Update the device to the latest FW version."}], "source": {"advisory": "VDE-2020-042", "defect": ["VDE-2020-042"], "discovery": "UNKNOWN"}, "title": "WAGO: PLC families 750-88x and 750-352 prone to DoS attack", "workarounds": [{"lang": "en", "value": "Restrict network access to the device.\nDo not directly connect the device to the internet\nDisable unused TCP/UDP-ports"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2020-12-09T09:00:00.000Z", "ID": "CVE-2020-12516", "STATE": "PUBLIC", "TITLE": "WAGO: PLC families 750-88x and 750-352 prone to DoS attack"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "750-331/xxx-xxx", "version": {"version_data": [{"version_value": "FW1<=FW10"}]}}, {"product_name": "750-352", "version": {"version_data": [{"version_value": "FW1<=FW10"}]}}, {"product_name": "750-829", "version": {"version_data": [{"version_value": "FW1<=FW10"}]}}, {"product_name": "750-831/xxx-xxx", "version": {"version_data": [{"version_value": "FW1<=FW10"}]}}, {"product_name": "750-852", "version": {"version_data": [{"version_value": "FW1<=FW10"}]}}, {"product_name": "750-880/xxx-xxx", "version": {"version_data": [{"version_value": "FW1<=FW10"}]}}, {"product_name": "750-881", "version": {"version_data": [{"version_value": "FW1<=FW10"}]}}, {"product_name": "750-882", "version": {"version_data": [{"version_value": "FW1<=FW10"}]}}, {"product_name": "750-885", "version": {"version_data": [{"version_value": "FW1<=FW10"}]}}, {"product_name": "750-889", "version": {"version_data": [{"version_value": "FW1<=FW10"}]}}]}, "vendor_name": "WAGO"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "These vulnerabilities were reported to WAGO by: William Knowles, Applied Risk. Coordination done by CERT@VDE."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-01"}, {"name": "https://cert.vde.com/en-us/advisories/vde-2020-042", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2020-042"}]}, "solution": [{"lang": "en", "value": "Update the device to the latest FW version."}], "source": {"advisory": "VDE-2020-042", "defect": ["VDE-2020-042"], "discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "Restrict network access to the device.\nDo not directly connect the device to the internet\nDisable unused TCP/UDP-ports"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:56:52.085Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en-us/advisories/vde-2020-042"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2020-12516", "datePublished": "2020-12-10T03:04:17.186Z", "dateReserved": "2020-04-30T00:00:00.000Z", "dateUpdated": "2024-09-16T22:14:10.360Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-352_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "78ECDEAE-9136-4E34-AC21-7990A3AC2F3E", "versionEndIncluding": "fw10", "versionStartIncluding": "fw1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-352:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C0865A4-6C89-4470-98E3-7E90BDF94D15", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "83695276-2C24-4A4F-8CA8-ACEC00A4E026", "versionEndIncluding": "fw10", "versionStartIncluding": "fw1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0631884-FF6F-4AA9-9D76-CDECB5A738FC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "18E0AB25-8F08-4D39-925F-36A39AB5EA45", "versionEndIncluding": "fw10", "versionStartIncluding": "fw1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D6739E1-EF0B-48EE-90FC-5708756FC362", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C47C0719-1510-4D5B-93E3-755F063858B9", "versionEndIncluding": "fw10", "versionStartIncluding": "fw1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFEAC4D9-15CF-44B8-844D-C012AA4637A2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CB680C1-A42D-4332-844E-9F1AB9E42A19", "versionEndIncluding": "fw10", "versionStartIncluding": "fw1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FE51647-62C1-4D3C-91FA-13ACA6CD71D2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B40CC58-169A-42C7-AE12-53BF4A3434E3", "versionEndIncluding": "fw10", "versionStartIncluding": "fw1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*", "matchCriteriaId": "57919AAB-2962-4543-810A-C143300351F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-331_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8523397F-F9DE-4525-BA22-EAEACF700E72", "versionEndIncluding": "fw10", "versionStartIncluding": "fw1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-331:-:*:*:*:*:*:*:*", "matchCriteriaId": "907712D2-72A3-46EB-9438-B35A2880E7BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6712FF6B-6117-4180-A0FA-8EE9276269C9", "versionEndIncluding": "fw10", "versionStartIncluding": "fw1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*", "matchCriteriaId": "F88F6E08-2D1B-4B34-B8DB-40292C0BBEB2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "37F66F05-5B2A-49D2-B0D8-231E84B48A3A", "versionEndIncluding": "fw10", "versionStartIncluding": "fw1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1379D65-F376-4618-B708-5E59D64C8033", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07A46A0-27B3-45FA-BE7E-34495944E1AC", "versionEndIncluding": "fw10", "versionStartIncluding": "fw1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*", "matchCriteriaId": "7712F56E-AEBA-4DE0-9172-26F3D29B369B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack."}, {"lang": "es", "value": "Las versiones de firmware m\u00e1s antiguas (FW1 hasta FW10) de la familia de PLC WAGO 750-88x y 750-352, son vulnerables a un ataque de denegaci\u00f3n de servicio especial."}], "id": "CVE-2020-12516", "lastModified": "2024-11-21T04:59:50.853", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-10T03:15:11.593", "references": [{"source": "info@cert.vde.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2020-042"}, {"source": "info@cert.vde.com", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2020-042"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-01"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "info@cert.vde.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}