First published: Wed Sep 30 2020
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication. This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wago 750-362 Firmware | <=fw03 | |
WAGO 750-362 | | |
Wago 750-363 Firmware | <=fw03 | |
WAGO 750-363 | | |
Wago 750-823 Firmware | <=fw03 | |
WAGO 750-823 | | |
Wago 750-832 Firmware | <=fw03 | |
WAGO 750-832 | | |
Wago 750-862 Firmware | <=fw03 | |
WAGO 750-862 | | |
Wago 750-891 Firmware | <=fw03 | |
WAGO 750-891 | | |
Wago 750-890 Firmware | <=fw03 | |
WAGO 750-890 | | |

Upgrade devices to the latest standard firmware (> FW03).
The vulnerability ID for this issue is CVE-2020-12506.
The severity level of CVE-2020-12506 is critical with a score of 9.1.
The devices affected by CVE-2020-12506 include WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832, WAGO 750-862, WAGO 750-891, and WAGO 750-890 with firmware versions up to and including FW03.
CVE-2020-12506 allows an attacker to change the settings of the WAGO 750-8XX series devices without authentication.
To mitigate CVE-2020-12506, update the firmware of the affected WAGO devices to a version higher than FW03.