Vulnerability in WAGO 852 Series Devices Affects SSH and TELNET Security
CVE-2019-12550

9.8CRITICAL

Key Information:

Vendor

Wago

Status
852-303 Firmware
Vendor
CVE Published:
17 June 2019

What is CVE-2019-12550?

WAGO 852-303, 852-1305, and 852-1505 devices prior to specified firmware versions are exposed to potential unauthorized access due to hardcoded usernames and passwords. This vulnerability allows attackers to gain access to the device over SSH and TELNET protocols, which could lead to unauthorized control and manipulation of critical industrial operations. Users are advised to update their firmware and eliminate reliance on default credentials to mitigate risks associated with this flaw.

References

https://www.wago.com/us/
x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02
x_refsource_MISC
https://cert.vde.com/en-us/advisories/vde-2019-013
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.