A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://cert.vde.com/en/advisories/VDE-2024-047 |
History
Tue, 10 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 18 Nov 2024 09:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. | |
Title | WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices | |
Weaknesses | CWE-306 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published: 2024-11-18T09:04:13.691Z
Updated: 2024-12-10T16:59:37.246Z
Reserved: 2024-07-25T09:07:31.464Z
Link: CVE-2024-41969
Vulnrichment
Updated: 2024-12-10T16:59:32.790Z
NVD
Status : Awaiting Analysis
Published: 2024-11-18T09:15:05.637
Modified: 2024-11-18T17:11:17.393
Link: CVE-2024-41969
Redhat
No data.