Detections
Analytics
CODESYS WAGO WebVisu Password Information Disclosure Vulnerability
medium Nessus Plugin ID 77377
Language:
Synopsis
The remote host is affected by an information disclosure vulnerability.Description
The remote host is running a vulnerable version of CODESYS WebVisu on a WAGO Application controller. By sending a specially crafted request, it is possible to extract password information for users on the device.Solution
The vendor has not yet provided a solution. As a workaround, delete the 'webvisu.jar' file in the plc directory.See Also
Plugin Details
Severity: Medium
ID: 77377
File Name: scada_codesys_webvisu_2_3_9_44.nbin
Version: Revision
Type: remote
Family: SCADA
Published: 8/25/2014
Updated: 8/25/2014
Supported Sensors: Nessus
Vulnerability Information
CPE: cpe:/a:3s-smart_software_solutions:codesys_webvisu
Required KB Items: installed_sw/CODESYS WebVisu
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 7/10/2014
Reference Information
BID: 68485