File Upload Vulnerability in WAGO e!DISPLAY Devices
CVE-2018-12980

8.8HIGH

Key Information:

Vendor
Wago
Status
762-3000 Firmware
Vendor
CVE Published:
12 July 2018

Summary

A vulnerability has been identified in WAGO e!DISPLAY 762-3000 to 762-3003 devices that allows authenticated users to upload arbitrary files to the device's file system with the web server's permissions. This could potentially lead to further security breaches, including unauthorized access to sensitive information or remote code execution, depending on the nature of the uploaded files.

References

https://cert.vde.com/en-us/advisories/vde-2018-010
x_refsource_MISC
https://www.sec-consult.com/en/blog/advisories/remote-cod...
x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02
x_refsource_MISC

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-12980 : File Upload Vulnerability in WAGO e!DISPLAY Devices | SecurityVulnerability.io