Remote Code Execution Vulnerability in WAGO e!DISPLAY Devices
CVE-2018-12981

5.4MEDIUM

Key Information:

Vendor
Wago
Status
762-3000 Firmware
Vendor
CVE Published:
12 July 2018

Summary

A vulnerability exists in the WAGO e!DISPLAY 762-3000 to 762-3003 devices running firmware versions prior to FW 02. This flaw can be exploited by both authenticated and unauthenticated users, who can send specially crafted requests to the web server. This allows an attacker to inject malicious code that may be rendered or executed in the browser of the user, potentially leading to unauthorized access and manipulation of sensitive information.

References

https://cert.vde.com/en-us/advisories/vde-2018-010
x_refsource_MISC
https://www.sec-consult.com/en/blog/advisories/remote-cod...
x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-12981 : Remote Code Execution Vulnerability in WAGO e!DISPLAY Devices | SecurityVulnerability.io