CVE-2018-12980
WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.
Se ha descubierto un problema en dispositivos WAGO e!DISPLAY 762-3000 hasta el 762-3003 con firmware en versiones anteriores a la FW 02. La vulnerabilidad permite que un usuario autenticado suba archivos arbitrarios al sistema de archivos con los permisos del servidor web.
WAGO e!DISPLAY 7300T WP 4.3 480x272 PIO1 version FW 01 - 01.01.10(01) suffer from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-06-28 CVE Reserved
- 2018-07-11 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (6)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wago Search vendor "Wago" | 762-3000 Firmware Search vendor "Wago" for product "762-3000 Firmware" | < 02 Search vendor "Wago" for product "762-3000 Firmware" and version " < 02" | - |
Affected
| in | Wago Search vendor "Wago" | 762-3000 Search vendor "Wago" for product "762-3000" | - | - |
Safe
|
Wago Search vendor "Wago" | 762-3001 Firmware Search vendor "Wago" for product "762-3001 Firmware" | < 02 Search vendor "Wago" for product "762-3001 Firmware" and version " < 02" | - |
Affected
| in | Wago Search vendor "Wago" | 762-3001 Search vendor "Wago" for product "762-3001" | - | - |
Safe
|
Wago Search vendor "Wago" | 762-3002 Firmware Search vendor "Wago" for product "762-3002 Firmware" | < 02 Search vendor "Wago" for product "762-3002 Firmware" and version " < 02" | - |
Affected
| in | Wago Search vendor "Wago" | 762-3002 Search vendor "Wago" for product "762-3002" | - | - |
Safe
|
Wago Search vendor "Wago" | 762-3003 Firmware Search vendor "Wago" for product "762-3003 Firmware" | < 02 Search vendor "Wago" for product "762-3003 Firmware" and version " < 02" | - |
Affected
| in | Wago Search vendor "Wago" | 762-3003 Search vendor "Wago" for product "762-3003" | - | - |
Safe
|