CVE-2020-12505: WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07
First published: Wed Sep 30 2020(Updated: )
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wago 750-852 Firmware | <=fw07 | |
| WAGO 750-852 | ||
| Wago 750-880 Firmware | <=fw07 | |
| WAGO 750-880 | ||
| Wago 750-881 Firmware | <=fw07 | |
| WAGO 750-881 | ||
| Wago 750-831 Firmware | <=fw07 | |
| WAGO 750-831 | ||
| Wago 750-882 Firmware | <=fw07 | |
| WAGO 750-882 | ||
| Wago 750-885 Firmware | <=fw07 | |
| WAGO 750-885 | ||
| Wago 750-889 Firmware | <=fw07 | |
| WAGO 750-889 |
Remedy
Upgrade devices to the latest standard firmware (> FW07).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12505?
CVE-2020-12505 is an improper authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 that allows an attacker to change special parameters without authentication.
Which WAGO models are affected by CVE-2020-12505?
WAGO 750-852, WAGO 750-880, WAGO 750-881, WAGO 750-831, WAGO 750-882, WAGO 750-885, WAGO 750-889.
What is the severity of CVE-2020-12505?
CVE-2020-12505 has a severity rating of critical with a CVSS score of 8.2.
How can an attacker exploit CVE-2020-12505?
An attacker can exploit CVE-2020-12505 by changing special parameters without authentication.
Is there a fix for CVE-2020-12505?
There is currently no known fix for CVE-2020-12505. It is recommended to contact the vendor for further guidance.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/author
- agent/title
- agent/last-modified-date
- agent/references
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/tags
- vendor/wago
- canonical/wago 750-852 firmware
- version/wago 750-852 firmware/fw07
- canonical/wago 750-852
- canonical/wago 750-880 firmware
- version/wago 750-880 firmware/fw07
- canonical/wago 750-880
- canonical/wago 750-881 firmware
- version/wago 750-881 firmware/fw07
- canonical/wago 750-881
- canonical/wago 750-831 firmware
- version/wago 750-831 firmware/fw07
- canonical/wago 750-831
- canonical/wago 750-882 firmware
- version/wago 750-882 firmware/fw07
- canonical/wago 750-882
- canonical/wago 750-885 firmware
- version/wago 750-885 firmware/fw07
- canonical/wago 750-885
- canonical/wago 750-889 firmware
- version/wago 750-889 firmware/fw07
- canonical/wago 750-889