WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07
CVE-2020-12505

8.2HIGH

Key Information:

Vendor: Wago
Status: 750-852; 750-880/xxx-xxx; 750-881; 750-831/xxx-xxx
Vendor: CVE Published:; 30 September 2020

Summary

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.

Affected Version(s)

750-831/xxx-xxx <= unspecified

750-852 <= unspecified

750-880/xxx-xxx <= unspecified

References

https://cert.vde.com/en-us/advisories/vde-2020-027

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 30, 2020
Vulnerability Reserved
Apr 30, 2020

Credit

Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO.

coordinated by CERT@VDE