CVE-2020-12522
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | Series PFC 100 (750-81xx/xxx-xxx) | FW1 <= FW10 | affected |
| WAGO | Series PFC 200 (750-82xx/xxx-xxx) | FW1 <= FW10 | affected |
| WAGO | Series Wago Touch Panel 600 Standard Line (762-4xxx) | FW1 <= FW10 | affected |
| WAGO | Series Wago Touch Panel 600 Advanced Line (762-5xxx) | FW1 <= FW10 | affected |
| WAGO | Series Wago Touch Panel 600 Marine Line (762-6xxx) | FW1 <= FW10 | affected |
Weaknesses
- CWE-78: CWE-78 OS Command Injection
Workarounds
Disable I/O-Check service Restrict network access to the device. Do not directly connect the device to the internet.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.