CVE-2015-10123

Wago: Buffer Copy without Checking Size of Input in wbm of multiple products

CVSS 8.8 HIGHEPSS 0.6%CWE-120

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.8EPSS 0.6%KEV nãoPoC —Patch —

Ciclo de vida

13 mar 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Productos afectados

WAGO · Controller BACnet/IP WAGO · Controller BACnet MS/TP WAGO · Ethernet Controller 3rd Generation WAGO · Fieldbus Coupler Ethernet 3rd Generation

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cert.vde.com/en/advisories/VDE-2023-039/