WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03
CVE-2020-12506

9.1CRITICAL

Key Information:

Vendor: Wago
Status: 750-362; 750-363; 750-823; 750-832/xxx-xxx
Vendor: CVE Published:; 30 September 2020

Summary

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.

Affected Version(s)

750-362 <= unspecified

750-363 <= unspecified

750-823 <= unspecified

References

https://cert.vde.com/en-us/advisories/vde-2020-028

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 30, 2020
Vulnerability Reserved
Apr 30, 2020

Credit

Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO.

coordinated by CERT@VDE