CVE-2020-12505: WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07
First published: Wed Sep 30 2020(Updated: )
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WAGO 750-852 firmware | <=fw07 | |
| WAGO 750-xxx series firmware | ||
| WAGO 750-880/040-000 firmware | <=fw07 | |
| WAGO 750-880/040-000 | ||
| WAGO Ethernet Firmware | <=fw07 | |
| WAGO 750-881 firmware | ||
| WAGO Ethernet Firmware | <=fw07 | |
| WAGO 750-831 firmware | ||
| WAGO 750-882 firmware | <=fw07 | |
| WAGO 750-882 firmware | ||
| WAGO 750-885 firmware | <=fw07 | |
| WAGO 750-885 firmware | ||
| WAGO 750-889 firmware | <=fw07 | |
| WAGO 750-889 firmware |
Remedy
Upgrade devices to the latest standard firmware (> FW07).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12505?
CVE-2020-12505 is an improper authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 that allows an attacker to change special parameters without authentication.
Which WAGO models are affected by CVE-2020-12505?
WAGO 750-852, WAGO 750-880, WAGO 750-881, WAGO 750-831, WAGO 750-882, WAGO 750-885, WAGO 750-889.
What is the severity of CVE-2020-12505?
CVE-2020-12505 has a severity rating of critical with a CVSS score of 8.2.
How can an attacker exploit CVE-2020-12505?
An attacker can exploit CVE-2020-12505 by changing special parameters without authentication.
Is there a fix for CVE-2020-12505?
There is currently no known fix for CVE-2020-12505. It is recommended to contact the vendor for further guidance.
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/title
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wago
- canonical/wago 750-852 firmware
- version/wago 750-852 firmware/fw07
- canonical/wago 750-xxx series firmware
- canonical/wago 750-880/040-000 firmware
- version/wago 750-880/040-000 firmware/fw07
- canonical/wago 750-880/040-000
- canonical/wago ethernet firmware
- version/wago ethernet firmware/fw07
- canonical/wago 750-881 firmware
- canonical/wago 750-831 firmware
- canonical/wago 750-882 firmware
- version/wago 750-882 firmware/fw07
- canonical/wago 750-885 firmware
- version/wago 750-885 firmware/fw07
- canonical/wago 750-889 firmware
- version/wago 750-889 firmware/fw07