CVE-2019-12549

{"id": "CVE-2019-12549", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-06-17T17:15:11.070", "references": [{"url": "https://cert.vde.com/en-us/advisories/vde-2019-013", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.wago.com/us/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key."}, {"lang": "es", "value": "WAGO 852-303 antes de FW06, 852-1305 antes de FW06 y 852-1505 antes de que los dispositivos FW03 contengan claves privadas codificadas para el demonio SSH. La huella dactilar de la clave de host SSH del demonio SSH correspondiente coincide con la clave privada incorporada."}], "lastModified": "2019-06-19T17:51:51.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:wago:852-303:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7A4A86F-E211-4C4A-A955-193B54F116E4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:wago:852-303_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBF70930-3257-4195-A1FF-0C744D8693F7", "versionEndExcluding": "1.2.2.s0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:wago:852-1305:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "815000D6-8AED-4D8D-B861-D5CD9D0B0F33"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:wago:852-1305_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55B9B0F3-735F-46A4-B22C-EBF30C58DB18", "versionEndExcluding": "1.1.6.s0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:wago:852-1505:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BE946336-8786-40F3-BC14-7D37F77F1A5F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:wago:852-1505_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "428863B9-CC9C-456D-9188-5354F8AD5D68", "versionEndExcluding": "1.1.5.s0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}