CVE-2020-12505
WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07
Severity Score
8.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.
La vulnerabilidad de autenticación inadecuada en la serie WAGO 750-8XX con versión FW anteriores o iguales a FW07 permite a un atacante cambiar algunos parámetros especiales sin autenticación. Este problema afecta a: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 en versiones FW07 y anteriores
*Credits:
Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO., coordinated by CERT@VDE
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-04-30 CVE Reserved
- 2020-09-30 CVE Published
- 2023-06-16 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://cert.vde.com/en-us/advisories/vde-2020-027 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wago Search vendor "Wago" | 750-852 Firmware Search vendor "Wago" for product "750-852 Firmware" | <= fw07 Search vendor "Wago" for product "750-852 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-852 Search vendor "Wago" for product "750-852" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-880 Firmware Search vendor "Wago" for product "750-880 Firmware" | <= fw07 Search vendor "Wago" for product "750-880 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-880 Search vendor "Wago" for product "750-880" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-881 Firmware Search vendor "Wago" for product "750-881 Firmware" | <= fw07 Search vendor "Wago" for product "750-881 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-881 Search vendor "Wago" for product "750-881" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-831 Firmware Search vendor "Wago" for product "750-831 Firmware" | <= fw07 Search vendor "Wago" for product "750-831 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-831 Search vendor "Wago" for product "750-831" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-882 Firmware Search vendor "Wago" for product "750-882 Firmware" | <= fw07 Search vendor "Wago" for product "750-882 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-882 Search vendor "Wago" for product "750-882" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-885 Firmware Search vendor "Wago" for product "750-885 Firmware" | <= fw07 Search vendor "Wago" for product "750-885 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-885 Search vendor "Wago" for product "750-885" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-889 Firmware Search vendor "Wago" for product "750-889 Firmware" | <= fw07 Search vendor "Wago" for product "750-889 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-889 Search vendor "Wago" for product "750-889" | - | - |
Safe
|