CVE-2020-12505
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | 750-852 | unspecified <= FW07 | affected |
| WAGO | 750-880/xxx-xxx | unspecified <= FW07 | affected |
| WAGO | 750-881 | unspecified <= FW07 | affected |
| WAGO | 750-831/xxx-xxx | unspecified <= FW07 | affected |
| WAGO | 750-882 | unspecified <= FW07 | affected |
| WAGO | 750-885/xxx-xxx | unspecified <= FW07 | affected |
| WAGO | 750-889 | unspecified <= FW07 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
Workarounds
Restrict network access to the device. Do not directly connect the device to the internet. Disable unused TCP/UDP ports. Disable web-based management ports 80/443 after the configuration phase
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.