WAGO I/O SYSTEM 758 Series Insecure Credential Vulnerabilities Network Vulnerability

Summary

The WAGO IPC 758 series are prone to a security-bypass vulnerability caused by a set of hard-coded passwords. Successful attacks can allow a remote attacker to gain unauthorized access to the vulnerable device, using the HTTP or TELNET service.

References

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3013
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4879
http://www.securityfocus.com/bid/52940
http://www.securityfocus.com/bid/52942
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-097-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-02.pdf
http://www.wago.com/wagoweb/documentation/app_note/a1176/a117600e.pdf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-3013, CVE-2012-4879

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CAREL pCOWeb Default Account Security Bypass Vulnerability
Default password (db2as) for db2as
Schneider Electric Quantum Ethernet Module Hardcoded Credentials Authentication Bypass Vulnerability
Schneider Modicon M340 Default Credentials
Xerox Printer Default Account Authentication Bypass Vulnerability

Take action and discover your vulnerabilities