Remote Attacker Could Modify Configuration, Leading to Full System Access and/or DoS
CVE-2024-41969

8.8 HIGH

Summary

A configuration modification vulnerability exists in the CODESYS V3 service due to missing authentication mechanisms, allowing low-privileged remote attackers to alter system configurations. This manipulation can lead to unauthorized access, enabling attackers to make detrimental changes that may compromise the integrity of the system. The vulnerability also poses a risk of denial of service, further impacting system functionality and availability. Immediate action is recommended to secure affected installations.

Affected Version(s)

CC100 0751-9x01 0.0.0 <= 4.5.10 (FW27)

CC100 0751/9x01 0.0.0 <= 04.03.03 (72)

CC100 0751/9x01 0.0.0 <= 04.04.03 (70)

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Diego Giubertoni
Nozomi Networks