Remote Attacker Could Modify Configuration, Leading to Full System Access and/or DoS
CVE-2024-41969

8.8HIGH

Key Information:

Vendor: Wago
Status: Cc100 0751-9x01; Pfc100 G2 0750-811x-xxxx-xxxx; Pfc200 G2 750-821x-xxx-xxx; Tp600 0762-420x/8000-000x
Vendor: CVE Published:; 18 November 2024

What is CVE-2024-41969?

A configuration modification vulnerability in the CODESYS V3 service exists due to missing authentication mechanisms, allowing low privileged remote attackers to alter system configurations. This manipulation can lead to unauthorized access, enabling attackers to make detrimental changes that may compromise the integrity of the system. Additionally, the vulnerability poses risks of denial of service, further impacting system functionality and availability. Immediate action is recommended to secure affected installations.

Affected Version(s)

CC100 0751-9x01 0.0.0 <= 4.5.10 (FW27)

CC100 0751/9x01 0.0.0 <= 04.03.03 (72)

CC100 0751/9x01 0.0.0 <= 04.04.03 (70)

References

https://cert.vde.com/en/advisories/VDE-2024-047

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Jul 25, 2024

Credit

Diego Giubertoni

Nozomi Networks

Wago

What is CVE-2024-41969?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit