CVE-2020-12522

Summary

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.

Affected Software

VendorProductVersion RangeStatus
WAGOSeries PFC 100 (750-81xx/xxx-xxx)FW1 <= FW10affected
WAGOSeries PFC 200 (750-82xx/xxx-xxx)FW1 <= FW10affected
WAGOSeries Wago Touch Panel 600 Standard Line (762-4xxx)FW1 <= FW10affected
WAGOSeries Wago Touch Panel 600 Advanced Line (762-5xxx)FW1 <= FW10affected
WAGOSeries Wago Touch Panel 600 Marine Line (762-6xxx)FW1 <= FW10affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

Workarounds

Disable I/O-Check service Restrict network access to the device. Do not directly connect the device to the internet.

ADP Enrichment

CVE Program Container

Additional References

References