Privilege Separation Vulnerability in WAGO IO PLC Products
CVE-2015-6473

9.8CRITICAL

Key Information:

Vendor

Wago

Status
750-849 Firmware
Vendor
CVE Published:
22 August 2017

What is CVE-2015-6473?

The WAGO IO 750-849 and 750-881 models have a vulnerability related to the lack of privilege separation, which can lead to unauthorized access and potential exploitation by attackers. This issue arises from inadequate user privilege management within the devices, potentially allowing malicious actors to execute unauthorized commands or access sensitive resources.

References

http://seclists.org/fulldisclosure/2016/Mar/4
mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/84138
vdb-entryx_refsource_BID
http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-7...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.