CVE-2024-41969 - Vulnerability Details

Link	Providers
https://cert.vde.com/en/advisories/VDE-2024-047

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.
Title		WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices
Weaknesses		CWE-306
References		https://cert.vde.com/en/advisories/VDE-2024-047
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41969", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2024-07-25T09:07:31.464Z", "datePublished": "2024-11-18T09:04:13.691Z", "dateUpdated": "2025-01-30T09:21:40.910Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "4.5.10 (FW27)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "3.10.10 (FW22 Patch 1)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC200 G1 750-820x-xxx-xxx", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "3.10.10 (FW22 Patch 1)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC200 G1 0750-820x/xxx-xxx", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "03.03.08 (80)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC200 G2 0750-821x/xxx-xxx", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "04.04.03 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CC100 0751/9x01", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "04.03.03 (72)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CC100 0751/9x01", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "04.04.03 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diego Giubertoni"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nozomi Networks"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A low privileged remote attacker may&nbsp;modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.&nbsp;<br>"}], "value": "A low privileged remote attacker may\u00a0modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-01-30T09:21:40.910Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2024-047"}], "source": {"advisory": "VDE-2024-047", "defect": ["CERT@VDE#641658"], "discovery": "UNKNOWN"}, "title": "WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-09T22:09:24.613269Z", "id": "CVE-2024-41969", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-10T16:59:37.246Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-41969 (string)

assignerOrgId : 270ccfa6-a436-4e77-922e-914ec3a9685c (string)

state : PUBLISHED (string)

assignerShortName : CERTVDE (string)

dateReserved : 2024-07-25T09:07:31.464Z (string)

datePublished : 2024-11-18T09:04:13.691Z (string)

dateUpdated : 2025-01-30T09:21:40.910Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : CC100 0751-9x01 (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 4.5.10 (FW27) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

product : PFC100 G2 0750-811x-xxxx-xxxx (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 4.5.10 (FW27) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

2 : { »

defaultStatus : unaffected (string)

product : PFC200 G2 750-821x-xxx-xxx (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 4.5.10 (FW27) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

3 : { »

defaultStatus : unaffected (string)

product : TP600 0762-420x/8000-000x (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 4.5.10 (FW27) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

4 : { »

defaultStatus : unaffected (string)

product : TP600 0762-430x/8000-000x (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 4.5.10 (FW27) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

5 : { »

defaultStatus : unaffected (string)

product : TP600 0762-520x/8000-000x (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 4.5.10 (FW27) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

6 : { »

defaultStatus : unaffected (string)

product : TP600 0762-530x/8000-000x (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 4.5.10 (FW27) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

7 : { »

defaultStatus : unaffected (string)

product : TP600 0762-620x/8000-000x (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 4.5.10 (FW27) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

8 : { »

defaultStatus : unaffected (string)

product : TP600 0762-630x/8000-000x (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 4.5.10 (FW27) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

9 : { »

defaultStatus : unaffected (string)

product : Edge Controller 0752-8303/8000-0002 (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 4.5.10 (FW27) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

10 : { »

defaultStatus : unaffected (string)

product : PFC100 G1 0750-810x/xxxx-xxxx (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 3.10.10 (FW22 Patch 1) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

11 : { »

defaultStatus : unaffected (string)

product : PFC200 G1 750-820x-xxx-xxx (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 3.10.10 (FW22 Patch 1) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

12 : { »

defaultStatus : unaffected (string)

product : PFC200 G1 0750-820x/xxx-xxx (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 03.03.08 (80) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

13 : { »

defaultStatus : unaffected (string)

product : PFC200 G2 0750-821x/xxx-xxx (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 04.04.03 (70) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

14 : { »

defaultStatus : unaffected (string)

product : CC100 0751/9x01 (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 04.03.03 (72) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

15 : { »

defaultStatus : unaffected (string)

product : CC100 0751/9x01 (string)

vendor : WAGO (string)

versions : [ »

0 : { »

lessThanOrEqual : 04.04.03 (70) (string)

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Diego Giubertoni (string)

}

1 : { »

lang : en (string)

type : reporter (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Nozomi Networks (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. <br> (string)

}

]

value : A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-306 (string)

description : CWE-306 Missing Authentication for Critical Function (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 270ccfa6-a436-4e77-922e-914ec3a9685c (string)

shortName : CERTVDE (string)

dateUpdated : 2025-01-30T09:21:40.910Z (string)

}

references : [ »

0 : { »

url : https://cert.vde.com/en/advisories/VDE-2024-047 (string)

}

]

source : { »

advisory : VDE-2024-047 (string)

defect : [ »

0 : CERT@VDE#641658 (string)

]

discovery : UNKNOWN (string)

}

title : WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices (string)

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-12-09T22:09:24.613269Z (string)

id : CVE-2024-41969 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-12-10T16:59:37.246Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41969", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-09T22:09:24.613269Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-10T16:59:32.790Z"}}], "cna": {"title": "WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices", "source": {"defect": ["CERT@VDE#641658"], "advisory": "VDE-2024-047", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diego Giubertoni"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nozomi Networks"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WAGO", "product": "CC100 0751-9x01", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10 (FW27)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10 (FW27)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC200 G2 750-821x-xxx-xxx", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10 (FW27)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-420x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10 (FW27)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-430x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10 (FW27)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-520x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10 (FW27)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-530x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10 (FW27)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-620x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10 (FW27)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-630x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10 (FW27)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Edge Controller 0752-8303/8000-0002", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "4.5.10 (FW27)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "3.10.10 (FW22 Patch 1)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC200 G1 750-820x-xxx-xxx", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "3.10.10 (FW22 Patch 1)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC200 G1 0750-820x/xxx-xxx", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "03.03.08 (80)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC200 G2 0750-821x/xxx-xxx", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "04.04.03 (70)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "CC100 0751/9x01", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "04.03.03 (72)"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "CC100 0751/9x01", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "04.04.03 (70)"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2024-047"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A low privileged remote attacker may\u00a0modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.", "supportingMedia": [{"type": "text/html", "value": "A low privileged remote attacker may&nbsp;modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.&nbsp;<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-01-30T09:21:40.910Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41969", "state": "PUBLISHED", "dateUpdated": "2025-01-30T09:21:40.910Z", "dateReserved": "2024-07-25T09:07:31.464Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2024-11-18T09:04:13.691Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-41969 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-12-09T22:09:24.613269Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-12-10T16:59:32.790Z (string)

}

]

cna : { »

title : WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices (string)

source : { »

defect : [ »

0 : CERT@VDE#641658 (string)

]

advisory : VDE-2024-047 (string)

discovery : UNKNOWN (string)

}

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Diego Giubertoni (string)

}

1 : { »

lang : en (string)

type : reporter (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Nozomi Networks (string)

}

]

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 8.8 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : LOW (string)

confidentialityImpact : HIGH (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : WAGO (string)

product : CC100 0751-9x01 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 4.5.10 (FW27) (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

vendor : WAGO (string)

product : PFC100 G2 0750-811x-xxxx-xxxx (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 4.5.10 (FW27) (string)

}

]

defaultStatus : unaffected (string)

}

2 : { »

vendor : WAGO (string)

product : PFC200 G2 750-821x-xxx-xxx (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 4.5.10 (FW27) (string)

}

]

defaultStatus : unaffected (string)

}

3 : { »

vendor : WAGO (string)

product : TP600 0762-420x/8000-000x (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 4.5.10 (FW27) (string)

}

]

defaultStatus : unaffected (string)

}

4 : { »

vendor : WAGO (string)

product : TP600 0762-430x/8000-000x (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 4.5.10 (FW27) (string)

}

]

defaultStatus : unaffected (string)

}

5 : { »

vendor : WAGO (string)

product : TP600 0762-520x/8000-000x (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 4.5.10 (FW27) (string)

}

]

defaultStatus : unaffected (string)

}

6 : { »

vendor : WAGO (string)

product : TP600 0762-530x/8000-000x (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 4.5.10 (FW27) (string)

}

]

defaultStatus : unaffected (string)

}

7 : { »

vendor : WAGO (string)

product : TP600 0762-620x/8000-000x (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 4.5.10 (FW27) (string)

}

]

defaultStatus : unaffected (string)

}

8 : { »

vendor : WAGO (string)

product : TP600 0762-630x/8000-000x (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 4.5.10 (FW27) (string)

}

]

defaultStatus : unaffected (string)

}

9 : { »

vendor : WAGO (string)

product : Edge Controller 0752-8303/8000-0002 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 4.5.10 (FW27) (string)

}

]

defaultStatus : unaffected (string)

}

10 : { »

vendor : WAGO (string)

product : PFC100 G1 0750-810x/xxxx-xxxx (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 3.10.10 (FW22 Patch 1) (string)

}

]

defaultStatus : unaffected (string)

}

11 : { »

vendor : WAGO (string)

product : PFC200 G1 750-820x-xxx-xxx (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 3.10.10 (FW22 Patch 1) (string)

}

]

defaultStatus : unaffected (string)

}

12 : { »

vendor : WAGO (string)

product : PFC200 G1 0750-820x/xxx-xxx (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 03.03.08 (80) (string)

}

]

defaultStatus : unaffected (string)

}

13 : { »

vendor : WAGO (string)

product : PFC200 G2 0750-821x/xxx-xxx (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 04.04.03 (70) (string)

}

]

defaultStatus : unaffected (string)

}

14 : { »

vendor : WAGO (string)

product : CC100 0751/9x01 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 04.03.03 (72) (string)

}

]

defaultStatus : unaffected (string)

}

15 : { »

vendor : WAGO (string)

product : CC100 0751/9x01 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 04.04.03 (70) (string)

}

]

defaultStatus : unaffected (string)

}

]

references : [ »

0 : { »

url : https://cert.vde.com/en/advisories/VDE-2024-047 (string)

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. <br> (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-306 (string)

description : CWE-306 Missing Authentication for Critical Function (string)

}

]

}

]

providerMetadata : { »

orgId : 270ccfa6-a436-4e77-922e-914ec3a9685c (string)

shortName : CERTVDE (string)

dateUpdated : 2025-01-30T09:21:40.910Z (string)

}

cveMetadata : { »

cveId : CVE-2024-41969 (string)

state : PUBLISHED (string)

dateUpdated : 2025-01-30T09:21:40.910Z (string)

dateReserved : 2024-07-25T09:07:31.464Z (string)

assignerOrgId : 270ccfa6-a436-4e77-922e-914ec3a9685c (string)

datePublished : 2024-11-18T09:04:13.691Z (string)

assignerShortName : CERTVDE (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A low privileged remote attacker may\u00a0modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS."}, {"lang": "es", "value": "Un atacante remoto con pocos privilegios puede modificar la configuraci\u00f3n del servicio CODESYS V3 a trav\u00e9s de una vulnerabilidad de autenticaci\u00f3n faltante, lo que podr\u00eda provocar acceso total al sistema y/o DoS."}], "id": "CVE-2024-41969", "lastModified": "2024-11-18T17:11:17.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2024-11-18T09:15:05.637", "references": [{"source": "info@cert.vde.com", "url": "https://cert.vde.com/en/advisories/VDE-2024-047"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. (string)

}

1 : { »

lang : es (string)

value : Un atacante remoto con pocos privilegios puede modificar la configuración del servicio CODESYS V3 a través de una vulnerabilidad de autenticación faltante, lo que podría provocar acceso total al sistema y/o DoS. (string)

}

]

id : CVE-2024-41969 (string)

lastModified : 2024-11-18T17:11:17.393 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : info@cert.vde.com (string)

type : Primary (string)

}

]

}

published : 2024-11-18T09:15:05.637 (string)

references : [ »

0 : { »

source : info@cert.vde.com (string)

url : https://cert.vde.com/en/advisories/VDE-2024-047 (string)

}

]

sourceIdentifier : info@cert.vde.com (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-306 (string)

}

]

source : info@cert.vde.com (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object