CVE-2020-12522

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.

CVSS v3 10.0 CRITICAL
CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://cert.vde.com/en-us/advisories/vde-2020-045	Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-045	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:wago:pfc_100_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:wago:750-8101\/025-000:-:::::::*
	cpe:2.3:h:wago:750-8102\/025-000:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:wago:pfc_200_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:wago:750-8202\/000-012:-:::::::*
	cpe:2.3:h:wago:750-8202\/000-022:-:::::::*
	cpe:2.3:h:wago:750-8202\/040-000:-:::::::*
	cpe:2.3:h:wago:750-8202\/040-001:-:::::::*
	cpe:2.3:h:wago:750-8206\/025-000:-:::::::*
	cpe:2.3:h:wago:750-8206\/025-001:-:::::::*
	cpe:2.3:h:wago:750-8206\/040-000:-:::::::*
	cpe:2.3:h:wago:750-8206\/040-001:-:::::::*
	cpe:2.3:h:wago:750-8207\/025-000:-:::::::*
	cpe:2.3:h:wago:750-8207\/025-001:-:::::::*
	cpe:2.3:h:wago:750-8208\/025-000:-:::::::*
	cpe:2.3:h:wago:750-8208\/025-001:-:::::::*
	cpe:2.3:h:wago:750-8210\/025-000:-:::::::*
	cpe:2.3:h:wago:750-8210\/040-000:-:::::::*
	cpe:2.3:h:wago:750-8211\/040-000:-:::::::*
	cpe:2.3:h:wago:750-8211\/040-001:-:::::::*
	cpe:2.3:h:wago:750-8212\/025-000:-:::::::*
	cpe:2.3:h:wago:750-8212\/025-001:-:::::::*
	cpe:2.3:h:wago:750-8212\/025-002:-:::::::*
	cpe:2.3:h:wago:750-8212\/040-000:-:::::::*
	cpe:2.3:h:wago:750-8212\/040-010:-:::::::*
	cpe:2.3:h:wago:750-8213\/040-010:-:::::::*
	cpe:2.3:h:wago:750-8216\/025-000:-:::::::*
	cpe:2.3:h:wago:750-8216\/025-001:-:::::::*
	cpe:2.3:h:wago:750-8217\/025-000:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:wago:762-4301\/8000-002:-:::::::*
	cpe:2.3:h:wago:762-4302\/8000-002:-:::::::*
	cpe:2.3:h:wago:762-4303\/8000-002:-:::::::*
	cpe:2.3:h:wago:762-4304\/8000-002:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:wago:762-5303\/8000-002:-:::::::*
	cpe:2.3:h:wago:762-5304\/8000-002:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:wago:762-6201\/8000-001:-:::::::*
	cpe:2.3:h:wago:762-6202\/8000-001:-:::::::*
	cpe:2.3:h:wago:762-6203\/8000-001:-:::::::*
	cpe:2.3:h:wago:762-6204\/8000-001:-:::::::*

History

21 Nov 2024, 04:59

Type	Values Removed	Values Added
CVSS	v2 : ~~10.0~~ v3 : ~~9.8~~	v2 : 10.0 v3 : 10.0
References	~~() https://cert.vde.com/en-us/advisories/vde-2020-045 - Third Party Advisory~~	() https://cert.vde.com/en-us/advisories/vde-2020-045 - Third Party Advisory

Information

Published : 2020-12-17 23:15

Updated : 2024-11-21 04:59

NVD link : CVE-2020-12522

Mitre link : CVE-2020-12522

CVE.ORG link : CVE-2020-12522

JSON object : View

Products Affected

wago

750-8212\/040-010
touch_panel_600_advanced_firmware
750-8206\/025-001
762-6202\/8000-001
750-8212\/040-000
750-8206\/040-001
750-8211\/040-000
762-4304\/8000-002
750-8202\/000-022
pfc_200_firmware
750-8101\/025-000
750-8202\/040-000
750-8202\/040-001
750-8208\/025-000
762-4303\/8000-002
750-8217\/025-000
750-8102\/025-000
750-8216\/025-001
750-8206\/040-000
762-6204\/8000-001
750-8207\/025-000
750-8212\/025-001
762-4302\/8000-002
750-8212\/025-002
750-8207\/025-001
762-6203\/8000-001
750-8202\/000-012
750-8216\/025-000
750-8206\/025-000
750-8212\/025-000
touch_panel_600_standard_firmware
762-4301\/8000-002
750-8211\/040-001
762-5304\/8000-002
750-8213\/040-010
touch_panel_600_marine_firmware
762-6201\/8000-001
762-5303\/8000-002
pfc_100_firmware
750-8208\/025-001
750-8210\/040-000
750-8210\/025-000

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

10.0 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

10.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2020-12522

10.0^/10

10.0^/10

Attach tags to `CVE-2020-12522`