Remote Attack Could Lead to Full Device Access
CVE-2015-10123

8.8HIGH

Key Information:

Vendor
Wago
Status
Controller Bacnet/ip
Controller Bacnet Ms/tp
Ethernet Controller 3rd Generation
Fieldbus Coupler Ethernet 3rd Generation
Vendor
CVE Published:
13 March 2024

Summary

An unauthorized remote attacker can exploit a buffer overflow vulnerability by sending specially crafted packets to vulnerable devices. If an authenticated user accesses a specific page within the web-based management interface, this could trigger the overflow, potentially allowing the attacker to gain full control over the affected system. This vulnerability highlights the importance of ensuring secure protocols and regular updates to safeguard against such unauthorized access risks.

Affected Version(s)

Controller BACnet MS/TP 0

Controller BACnet/IP 0

Ethernet Controller 3rd Generation 0

References

https://cert.vde.com/en/advisories/VDE-2023-039/

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2015-10123 : Remote Attack Could Lead to Full Device Access | SecurityVulnerability.io