CVE-2020-12506

Summary

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.

Affected Software

VendorProductVersion RangeStatus
WAGO750-362unspecified <= FW03affected
WAGO750-363unspecified <= FW03affected
WAGO750-823unspecified <= FW03affected
WAGO750-832/xxx-xxxunspecified <= FW03affected
WAGO750-862unspecified <= FW03affected
WAGO750-891unspecified <= FW03affected
WAGO750-890/xxx-xxxunspecified <= FW03affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

Restrict network access to the device. Do not directly connect the device to the internet. Disable unused TCP/UDP ports. Disable web-based management ports 80/443 after the configuration phase

ADP Enrichment

CVE Program Container

Additional References

References