CODESYS WAGO WebVisu Password Information Disclosure Vulnerability
Medium Nessus Plugin ID 77377
SynopsisThe remote host is affected by an information disclosure vulnerability.
DescriptionThe remote host is running a vulnerable version of CODESYS WebVisu on a WAGO Application controller. By sending a specially crafted request, it is possible to extract password information for users on the device.
SolutionThe vendor has not yet provided a solution. As a workaround, delete the 'webvisu.jar' file in the plc directory.