ID
VAR-E-201711-0104
TITLE
CODESYS Runtime 'plclinux_rt' Multiple Authentication Bypass Vulnerabilities
Trust: 0.3
sources:
BID: 102113
DESCRIPTION
CODESYS Runtime is prone to multiple authentication-bypass vulnerabilities.
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.
Trust: 0.3
sources:
BID: 102113
AFFECTED PRODUCTS
| vendor: | wago | model: | pfc200 | scope: | eq | version: | 02.07.07(10) | Trust: 0.3 |
| vendor: | wago | model: | pfc200 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | 3s smart | model: | codesys control runtime toolkit | scope: | eq | version: | 2.4.7.0 | Trust: 0.3 |
sources:
BID: 102113
EXPLOIT
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Trust: 0.3
sources:
BID: 102113
PRICE
Free
Trust: 0.3
sources:
BID: 102113
TYPE
Access Validation Error
Trust: 0.3
sources:
BID: 102113
CREDITS
T. Weber (Office Vienna) of SEC Consult Vulnerability Lab.
Trust: 0.3
sources:
BID: 102113
EXTERNAL IDS
| db: | ICS CERT ALERT | id: | ICS-ALERT-17-341-01 | Trust: 0.3 |
| db: | BID | id: | 102113 | Trust: 0.3 |
sources:
BID: 102113
REFERENCES
| url: | https://ics-cert.us-cert.gov/alerts/ics-alert-17-341-01 | Trust: 0.3 |
| url: | https://www.sec-consult.com/en/blog/advisories/wago-pfc-200-series-critical-codesys-vulnerabilities/index.html | Trust: 0.3 |
sources:
BID: 102113
SOURCES
| db: | BID | id: | 102113 |
LAST UPDATE DATE
2022-07-27T09:49:19.898000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 102113 | date: | 2017-12-19T22:01:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 102113 | date: | 2017-11-30T00:00:00 |