Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-41969
PUBLISHED
More InfoOfficial Page
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
View Known Exploited Vulnerability (KEV) details
Published At-18 Nov, 2024 | 09:04
Updated At-30 Jan, 2025 | 09:21
Rejected At-
▼CVE Numbering Authority (CNA)
WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices

A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.

Affected Products
Vendor
WAGO
Product
CC100 0751-9x01
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 4.5.10 (FW27) (semver)
Vendor
WAGO
Product
PFC100 G2 0750-811x-xxxx-xxxx
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 4.5.10 (FW27) (semver)
Vendor
WAGO
Product
PFC200 G2 750-821x-xxx-xxx
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 4.5.10 (FW27) (semver)
Vendor
WAGO
Product
TP600 0762-420x/8000-000x
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 4.5.10 (FW27) (semver)
Vendor
WAGO
Product
TP600 0762-430x/8000-000x
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 4.5.10 (FW27) (semver)
Vendor
WAGO
Product
TP600 0762-520x/8000-000x
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 4.5.10 (FW27) (semver)
Vendor
WAGO
Product
TP600 0762-530x/8000-000x
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 4.5.10 (FW27) (semver)
Vendor
WAGO
Product
TP600 0762-620x/8000-000x
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 4.5.10 (FW27) (semver)
Vendor
WAGO
Product
TP600 0762-630x/8000-000x
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 4.5.10 (FW27) (semver)
Vendor
WAGO
Product
Edge Controller 0752-8303/8000-0002
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 4.5.10 (FW27) (semver)
Vendor
WAGO
Product
PFC100 G1 0750-810x/xxxx-xxxx
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 3.10.10 (FW22 Patch 1) (semver)
Vendor
WAGO
Product
PFC200 G1 750-820x-xxx-xxx
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 3.10.10 (FW22 Patch 1) (semver)
Vendor
WAGO
Product
PFC200 G1 0750-820x/xxx-xxx
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 03.03.08 (80) (semver)
Vendor
WAGO
Product
PFC200 G2 0750-821x/xxx-xxx
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 04.04.03 (70) (semver)
Vendor
WAGO
Product
CC100 0751/9x01
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 04.03.03 (72) (semver)
Vendor
WAGO
Product
CC100 0751/9x01
Default Status
unaffected
Versions
Affected
  • From 0.0.0 through 04.04.03 (70) (semver)
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306 Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306 Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Diego Giubertoni
reporter
Nozomi Networks
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/en/advisories/VDE-2024-047
N/A
Hyperlink: https://cert.vde.com/en/advisories/VDE-2024-047
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found