// For flags

CVE-2018-12980

WAGO e!DISPLAY 7300T - Multiple Vulnerabilities

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.

Se ha descubierto un problema en dispositivos WAGO e!DISPLAY 762-3000 hasta el 762-3003 con firmware en versiones anteriores a la FW 02. La vulnerabilidad permite que un usuario autenticado suba archivos arbitrarios al sistema de archivos con los permisos del servidor web.

WAGO e!DISPLAY 7300T WP 4.3 480x272 PIO1 version FW 01 - 01.01.10(01) suffer from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-06-28 CVE Reserved
  • 2018-07-11 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2024-10-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Wago
Search vendor "Wago"
762-3000 Firmware
Search vendor "Wago" for product "762-3000 Firmware"
< 02
Search vendor "Wago" for product "762-3000 Firmware" and version " < 02"
-
Affected
in Wago
Search vendor "Wago"
762-3000
Search vendor "Wago" for product "762-3000"
--
Safe
Wago
Search vendor "Wago"
762-3001 Firmware
Search vendor "Wago" for product "762-3001 Firmware"
< 02
Search vendor "Wago" for product "762-3001 Firmware" and version " < 02"
-
Affected
in Wago
Search vendor "Wago"
762-3001
Search vendor "Wago" for product "762-3001"
--
Safe
Wago
Search vendor "Wago"
762-3002 Firmware
Search vendor "Wago" for product "762-3002 Firmware"
< 02
Search vendor "Wago" for product "762-3002 Firmware" and version " < 02"
-
Affected
in Wago
Search vendor "Wago"
762-3002
Search vendor "Wago" for product "762-3002"
--
Safe
Wago
Search vendor "Wago"
762-3003 Firmware
Search vendor "Wago" for product "762-3003 Firmware"
< 02
Search vendor "Wago" for product "762-3003 Firmware" and version " < 02"
-
Affected
in Wago
Search vendor "Wago"
762-3003
Search vendor "Wago" for product "762-3003"
--
Safe