CVE-2020-12522

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-12522

10.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

T

he reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.

References
Link Resource
https://cert.vde.com/en-us/advisories/vde-2020-045 Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-045 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:wago:pfc_100_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:wago:750-8101\/025-000:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8102\/025-000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:wago:pfc_200_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:wago:750-8202\/000-012:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8202\/000-022:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8202\/040-000:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8202\/040-001:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8206\/025-000:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8206\/025-001:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8206\/040-000:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8206\/040-001:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8207\/025-000:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8207\/025-001:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8208\/025-000:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8208\/025-001:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8210\/025-000:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8210\/040-000:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8211\/040-000:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8211\/040-001:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8212\/025-000:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8212\/025-001:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8212\/025-002:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8212\/040-000:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8212\/040-010:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8213\/040-010:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8216\/025-000:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8216\/025-001:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8217\/025-000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:wago:762-4301\/8000-002:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-4302\/8000-002:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-4303\/8000-002:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-4304\/8000-002:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:wago:762-5303\/8000-002:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-5304\/8000-002:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:wago:762-6201\/8000-001:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-6202\/8000-001:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-6203\/8000-001:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-6204\/8000-001:-:*:*:*:*:*:*:*
History

21 Nov 2024, 04:59

Type Values Removed Values Added
References () https://cert.vde.com/en-us/advisories/vde-2020-045 - Third Party Advisory () https://cert.vde.com/en-us/advisories/vde-2020-045 - Third Party Advisory
CVSS v2 : 10.0
v3 : 9.8 		v2 : 10.0
v3 : 10.0
Information

Published : 2020-12-17 23:15

Updated : 2024-11-21 04:59

NVD link : CVE-2020-12522

Mitre link : CVE-2020-12522

CVE.ORG link : CVE-2020-12522

JSON object : View

Products Affected

wago

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')