CODESYS WAGO WebVisu Password Information Disclosure Vulnerability

Medium Nessus Plugin ID 77377


The remote host is affected by an information disclosure vulnerability.


The remote host is running a vulnerable version of CODESYS WebVisu on a WAGO Application controller. By sending a specially crafted request, it is possible to extract password information for users on the device.


The vendor has not yet provided a solution. As a workaround, delete the 'webvisu.jar' file in the plc directory.

Plugin Details

Severity: Medium

ID: 77377

File Name: scada_codesys_webvisu_2_3_9_44.nbin

Version: $Revision$

Type: remote

Family: SCADA

Published: 2014/08/25

Dependencies: 77376

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:3s-smart_software_solutions:codesys_webvisu

Required KB Items: installed_sw/CODESYS WebVisu

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2014/07/10

Reference Information

BID: 68485