CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0CVE-2020-12522 – Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10
https://notcve.org/view.php?id=CVE-2020-12522
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10. La vulnerabilidad reportada permite a un atacante que tiene acceso de red al dispositivo ejecutar código con paquetes especialmente diseñados en WAGO Serie PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) con versiones de firmware anteriores a FW10 incluyéndola • https://cert.vde.com/en-us/advisories/vde-2020-045 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2020-12516 – WAGO: PLC families 750-88x and 750-352 prone to DoS attack
https://notcve.org/view.php?id=CVE-2020-12516
Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack. Las versiones de firmware más antiguas (FW1 hasta FW10) de la familia de PLC WAGO 750-88x y 750-352, son vulnerables a un ataque de denegación de servicio especial. • https://cert.vde.com/en-us/advisories/vde-2020-042 https://us-cert.cisa.gov/ics/advisories/icsa-20-308-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 0CVE-2020-12506 – WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03
https://notcve.org/view.php?id=CVE-2020-12506
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions. La vulnerabilidad de autenticación inadecuada en la serie WAGO 750-8XX con versión FW versiones anteriores e iguales a FW03 permite a un atacante cambiar la configuración de los dispositivos mediante el envío de solicitudes específicamente construidas sin autenticación Este problema afecta a: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx en versiones FW03 y anteriores. • https://cert.vde.com/en-us/advisories/vde-2020-028 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 0CVE-2020-12505 – WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07
https://notcve.org/view.php?id=CVE-2020-12505
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below. La vulnerabilidad de autenticación inadecuada en la serie WAGO 750-8XX con versión FW anteriores o iguales a FW07 permite a un atacante cambiar algunos parámetros especiales sin autenticación. Este problema afecta a: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 en versiones FW07 y anteriores • https://cert.vde.com/en-us/advisories/vde-2020-027 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6090
https://notcve.org/view.php?id=CVE-2020-6090
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad Web-Based Management (WBM) de WAGO PFC 200 versión 03.03.10 (15). Una serie especialmente diseñada de peticiones HTTP puede causar una ejecución de código resultando en una ejecución de código remota. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1010 • CWE-345: Insufficient Verification of Data Authenticity •