Wago has a patch to mitigate an improper authentication vulnerability in its PFC200 Series, according to a report with ICS-CERT.
This is a follow-up to an earlier report. Public exploits are available for the remotely exploitable vulnerability, discovered by Reid Wightman of CODESYS, who found the issues in the CoDeSys Runtime application. T. Weber of SEC Consult reported this vulnerability to WAGO.
The following 3S CoDeSys Runtime versions of the PFC200 Series are affected:
• CoDeSys Version 2.3.X
• CoDeSys Version 2.4.X
The affected CoDeSys Runtime version ships as part of WAGO PFC200 firmware prior to 02.07.07(10). Affected PFC200 devices:
Successful exploitation of this vulnerability could allow a remote attacker unauthorized access to the PLC to perform operations on the file system without authentication.
An attacker with low skill level could leverage the vulnerability.
The CoDeSys Runtime application listens on the network by default on TCP Port 2455, and it accepts remote operations without authenticating the caller. By sending specially crafted TCP packets to Port 2455, an attacker can issue unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application while it is running.
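Because the runtime service is reachable without authentication, the practical defensive control is to know exactly which hosts talk to TCP/2455 on the PLCs. The following is an added example (not from the advisory or from WAGO) of detection logic that runs over connection-log lines and flags any TCP connection to port 2455 whose source is outside an allowlisted engineering subnet. The log format, the allowlist, and every address below are constructed for the example; only the port number comes from the advisory.

```python
"""Flag connections to the CoDeSys Runtime port (TCP 2455) from unexpected sources.

Added example for the WAGO PFC200 advisory. The log format and addresses are
constructed; adapt parse_line() to your own flow or firewall log format.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional, Tuple

# Port taken from the advisory: CoDeSys Runtime listens here by default.
CODESYS_RUNTIME_PORT = 2455

# Constructed allowlist: only the engineering-workstation subnet is expected
# to reach the runtime service. Anything else is worth an alert.
ALLOWED_SOURCES = [ip_network("10.10.20.0/24")]


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dst: str
    reason: str


def parse_line(line: str) -> Optional[Tuple]:
    """Parse one constructed log line of the form
    '<timestamp> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>'.
    Returns None for lines that do not match, so malformed input is skipped
    rather than crashing the detector."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    ts, proto, src, _, dst = parts
    try:
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        return (ts, proto.lower(), ip_address(src_ip), int(src_port),
                ip_address(dst_ip), int(dst_port))
    except ValueError:
        return None


def detect(lines: Iterable[str]) -> List[Alert]:
    """Return an Alert for every TCP connection to the runtime port whose
    source address is not inside one of the allowlisted networks."""
    alerts: List[Alert] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, proto, src_ip, _, dst_ip, dst_port = rec
        if proto != "tcp" or dst_port != CODESYS_RUNTIME_PORT:
            continue
        if any(src_ip in net for net in ALLOWED_SOURCES):
            continue
        alerts.append(Alert(ts, str(src_ip), str(dst_ip),
                            f"TCP/{dst_port} from non-allowlisted source"))
    return alerts


# Constructed sample traffic: one legitimate engineering connection, two
# connections from outside the allowlist, one unrelated port, one UDP flow
# and one malformed line.
SAMPLE_LOG = [
    "2018-02-06T10:00:01Z TCP 10.10.20.5:51000 -> 10.10.30.10:2455",
    "2018-02-06T10:00:07Z TCP 192.0.2.44:40000 -> 10.10.30.10:2455",
    "2018-02-06T10:00:09Z TCP 10.10.20.5:51001 -> 10.10.30.10:443",
    "2018-02-06T10:00:12Z UDP 192.0.2.44:40001 -> 10.10.30.10:2455",
    "this line is not a connection record",
    "2018-02-06T10:00:15Z tcp 198.51.100.9:40002 -> 10.10.30.11:2455",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert.ts} {alert.src} -> {alert.dst}: {alert.reason}")
```

Run stand-alone, the script reports the two connections from 192.0.2.44 and 198.51.100.9 and stays silent on the allowlisted workstation. The same allowlist is the one to enforce at the network boundary until the patched firmware is installed, since the advisory's point is that the service itself performs no authentication.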
CVE-2018-5459 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
The product is deployed in the commercial facilities, critical manufacturing, energy, and transportation systems sectors, and it is used worldwide.
The company has offices in the United States, Germany, Switzerland, Poland, China, and India.
WAGO released a security patch with FW1.