CVE-2020-12505

Summary

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.

Affected Software

VendorProductVersion RangeStatus
WAGO750-852unspecified <= FW07affected
WAGO750-880/xxx-xxxunspecified <= FW07affected
WAGO750-881unspecified <= FW07affected
WAGO750-831/xxx-xxxunspecified <= FW07affected
WAGO750-882unspecified <= FW07affected
WAGO750-885/xxx-xxxunspecified <= FW07affected
WAGO750-889unspecified <= FW07affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

Restrict network access to the device. Do not directly connect the device to the internet. Disable unused TCP/UDP ports. Disable web-based management ports 80/443 after the configuration phase

ADP Enrichment

CVE Program Container

Additional References

References