Vulnerability Details : CVE-2015-6473
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
Exploit prediction scoring system (EPSS) score for CVE-2015-6473
Probability of exploitation activity in the next 30 days: 0.80%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-6473
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2015-6473
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6473
-
http://seclists.org/fulldisclosure/2016/Mar/4
Full Disclosure: WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilitiesExploit;Mailing List;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html
WAGO IO PLC 758-870 / 750-849 Credential Management / Privilege Separation ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/84138
Multiple WAGO I/O PLC Products Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Products affected by CVE-2015-6473
- cpe:2.3:o:wago:750-849_firmware:01.01.27:*:*:*:*:*:*:*
- cpe:2.3:o:wago:758-870_firmware:01.01.27:*:*:*:*:*:*:*
- cpe:2.3:o:wago:758-870_firmware:01.02.05:*:*:*:*:*:*:*