Details of VAR-201209-0451

ID

VAR-201209-0451

CVE

CVE-2012-4879

TITLE

Linux Run on the console WAGO I/O System 758 model Industrial PC Vulnerability to obtain login privileges on devices

Trust: 0.8

sources: JVNDB: JVNDB-2012-004192

DESCRIPTION

The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. WAGO IPC is a compact industrial PC suitable for control applications. Wago I%2Fo System 758 Industrial Pc Device is prone to a remote security vulnerability

Trust: 2.43

sources: NVD: CVE-2012-4879 // JVNDB: JVNDB-2012-004192 // CNVD: CNVD-2012-4984 // BID: 78104

AFFECTED PRODUCTS

vendor:	wago	model:	i\/o system 758 industrial pc device	scope:	eq	version:	758-876	Trust: 1.6
vendor:	wago	model:	i\/o system 758 industrial pc device	scope:	eq	version:	758-874	Trust: 1.6
vendor:	wago	model:	i\/o system 758 industrial pc device	scope:	eq	version:	758-870	Trust: 1.6
vendor:	wago	model:	i\/o system 758 industrial pc device	scope:	eq	version:	758-875	Trust: 1.6
vendor:	wago	model:	i/o system 758 model industrial pc device	scope:	eq	version:	758-870 (linux)	Trust: 0.8
vendor:	wago	model:	i/o system 758 model industrial pc device	scope:	eq	version:	758-874 (linux)	Trust: 0.8
vendor:	wago	model:	i/o system 758 model industrial pc device	scope:	eq	version:	758-875 (linux)	Trust: 0.8
vendor:	wago	model:	i/o system 758 model industrial pc device	scope:	eq	version:	758-876 (linux)	Trust: 0.8
vendor:	wago	model:	wago	scope:	eq	version:	758-875	Trust: 0.6
vendor:	wago	model:	wago	scope:	eq	version:	758-874	Trust: 0.6
vendor:	wago	model:	wago	scope:	eq	version:	758-870	Trust: 0.6
vendor:	wago	model:	i/o system industrial pc device	scope:	eq	version:	758758-876	Trust: 0.3
vendor:	wago	model:	i%2fo system industrial pc device	scope:	eq	version:	758758-875	Trust: 0.3
vendor:	wago	model:	i%2fo system industrial pc device	scope:	eq	version:	758758-874	Trust: 0.3
vendor:	wago	model:	i%2fo system industrial pc device	scope:	eq	version:	758758-870	Trust: 0.3

sources: CNVD: CNVD-2012-4984 // BID: 78104 // JVNDB: JVNDB-2012-004192 // CNNVD: CNNVD-201209-090 // NVD: CVE-2012-4879

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4879
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-4879
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201209-090
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2012-4879
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2012-004192 // CNNVD: CNNVD-201209-090 // NVD: CVE-2012-4879

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2012-004192 // NVD: CVE-2012-4879

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-090

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201209-090

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004192

PATCH

title:	Security Settings in WAGO 758 Series IPCs	url:	http://www.wago.com/wagoweb/documentation/app_note/a1176/a117600e.pdf	Trust: 0.8
title:	Top Page	url:	http://www.wago.com/cps/rde/xchg/SID-77903FBC-EA550981/wago/style.xsl/jpn-index.html	Trust: 0.8
title:	Patch for WAGO IPC model built-in password security bypass vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/21813	Trust: 0.6

sources: CNVD: CNVD-2012-4984 // JVNDB: JVNDB-2012-004192

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4879	Trust: 3.3
db:	ICS CERT	id:	ICSA-12-249-02	Trust: 2.7
db:	JVNDB	id:	JVNDB-2012-004192	Trust: 0.8
db:	CNVD	id:	CNVD-2012-4984	Trust: 0.6
db:	NSFOCUS	id:	20752	Trust: 0.6
db:	CNNVD	id:	CNNVD-201209-090	Trust: 0.6
db:	BID	id:	78104	Trust: 0.3

sources: CNVD: CNVD-2012-4984 // BID: 78104 // JVNDB: JVNDB-2012-004192 // CNNVD: CNNVD-201209-090 // NVD: CVE-2012-4879

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-249-02.pdf	Trust: 2.7
url:	http://www.wago.com/wagoweb/documentation/app_note/a1176/a117600e.pdf	Trust: 2.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4879	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4879	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20752	Trust: 0.6

sources: CNVD: CNVD-2012-4984 // BID: 78104 // JVNDB: JVNDB-2012-004192 // CNNVD: CNNVD-201209-090 // NVD: CVE-2012-4879

CREDITS

Unknown

Trust: 0.3

sources: BID: 78104

SOURCES

db:	CNVD	id:	CNVD-2012-4984
db:	BID	id:	78104
db:	JVNDB	id:	JVNDB-2012-004192
db:	CNNVD	id:	CNNVD-201209-090
db:	NVD	id:	CVE-2012-4879

LAST UPDATE DATE

2025-04-11T22:48:20.975000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-4984	date:	2012-09-10T00:00:00
db:	BID	id:	78104	date:	2012-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2012-004192	date:	2012-09-11T00:00:00
db:	CNNVD	id:	CNNVD-201209-090	date:	2012-09-12T00:00:00
db:	NVD	id:	CVE-2012-4879	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-4984	date:	2012-09-10T00:00:00
db:	BID	id:	78104	date:	2012-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2012-004192	date:	2012-09-11T00:00:00
db:	CNNVD	id:	CNNVD-201209-090	date:	2012-09-12T00:00:00
db:	NVD	id:	CVE-2012-4879	date:	2012-09-07T00:55:01.363