CVE-2020-12522: Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10
First published: Thu Dec 17 2020(Updated: )
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WAGO PFC 100 Firmware | <=10 | |
| Wago 750-8101\/025-000 | ||
| Wago 750-8102\/025-000 | ||
| WAGO PFC 200 Firmware | <=10 | |
| Wago 750-8202\/000-012 | ||
| Wago 750-8202\/000-022 | ||
| Wago 750-8202\/040-000 | ||
| Wago 750-8202\/040-001 | ||
| Wago 750-8206\/025-000 | ||
| Wago 750-8206\/025-001 | ||
| Wago 750-8206\/040-000 | ||
| Wago 750-8206\/040-001 | ||
| Wago 750-8207\/025-000 | ||
| Wago 750-8207\/025-001 | ||
| Wago 750-8208\/025-000 | ||
| Wago 750-8208\/025-001 | ||
| Wago 750-8210\/025-000 | ||
| Wago 750-8210\/040-000 | ||
| Wago 750-8211\/040-000 | ||
| Wago 750-8211\/040-001 | ||
| Wago 750-8212\/025-000 | ||
| Wago 750-8212\/025-001 | ||
| Wago 750-8212\/025-002 | ||
| Wago 750-8212\/040-000 | ||
| Wago 750-8212\/040-010 | ||
| Wago 750-8213\/040-010 | ||
| Wago 750-8216\/025-000 | ||
| Wago 750-8216\/025-001 | ||
| Wago 750-8217\/025-000 | ||
| Wago Touch Panel 600 Standard Firmware | <=10 | |
| Wago 762-4301\/8000-002 | ||
| Wago 762-4302\/8000-002 | ||
| Wago 762-4303\/8000-002 | ||
| Wago 762-4304\/8000-002 | ||
| Wago Touch Panel 600 Advanced Firmware | <=10 | |
| Wago 762-5303\/8000-002 | ||
| Wago 762-5304\/8000-002 | ||
| Wago Touch Panel 600 Marine Firmware | <=10 | |
| Wago 762-6201\/8000-001 | ||
| Wago 762-6202\/8000-001 | ||
| Wago 762-6203\/8000-001 | ||
| Wago 762-6204\/8000-001 |
Remedy
The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities. Regardless to the action described above, the vulnerability has been fixed in FW11, released in December 2017.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12522?
CVE-2020-12522 is a reported vulnerability that allows an attacker with network access to execute code with specially crafted packets in WAGO Series PFC 100, PFC 200, Wago Touch Panel 600 Standard Line, and Wago Touch Panel 600 Advanced Line.
How severe is the vulnerability CVE-2020-12522?
The severity of CVE-2020-12522 is critical, with a severity value of 9.8.
Which software versions are affected by CVE-2020-12522?
CVE-2020-12522 affects WAGO PFC 100 Firmware versions up to and including 10, as well as WAGO PFC 200 Firmware versions up to and including 10, Wago Touch Panel 600 Standard Firmware versions up to and including 10, and Wago Touch Panel 600 Advanced Firmware versions up to and including 10.
How can the vulnerability CVE-2020-12522 be exploited?
CVE-2020-12522 can be exploited by an attacker with network access who sends specially crafted packets to the vulnerable device, allowing them to execute arbitrary code.
Is there a fix available for CVE-2020-12522?
At the time of writing, there is no information available about a specific fix for CVE-2020-12522. It is recommended to follow the guidance provided by the vendor and apply any patches or updates as soon as they become available.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/author
- agent/title
- agent/last-modified-date
- agent/references
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/tags
- vendor/wago
- canonical/wago pfc 100 firmware
- version/wago pfc 100 firmware/10
- canonical/wago 750-8101\/025-000
- canonical/wago 750-8102\/025-000
- canonical/wago pfc 200 firmware
- version/wago pfc 200 firmware/10
- canonical/wago 750-8202\/000-012
- canonical/wago 750-8202\/000-022
- canonical/wago 750-8202\/040-000
- canonical/wago 750-8202\/040-001
- canonical/wago 750-8206\/025-000
- canonical/wago 750-8206\/025-001
- canonical/wago 750-8206\/040-000
- canonical/wago 750-8206\/040-001
- canonical/wago 750-8207\/025-000
- canonical/wago 750-8207\/025-001
- canonical/wago 750-8208\/025-000
- canonical/wago 750-8208\/025-001
- canonical/wago 750-8210\/025-000
- canonical/wago 750-8210\/040-000
- canonical/wago 750-8211\/040-000
- canonical/wago 750-8211\/040-001
- canonical/wago 750-8212\/025-000
- canonical/wago 750-8212\/025-001
- canonical/wago 750-8212\/025-002
- canonical/wago 750-8212\/040-000
- canonical/wago 750-8212\/040-010
- canonical/wago 750-8213\/040-010
- canonical/wago 750-8216\/025-000
- canonical/wago 750-8216\/025-001
- canonical/wago 750-8217\/025-000
- canonical/wago touch panel 600 standard firmware
- version/wago touch panel 600 standard firmware/10
- canonical/wago 762-4301\/8000-002
- canonical/wago 762-4302\/8000-002
- canonical/wago 762-4303\/8000-002
- canonical/wago 762-4304\/8000-002
- canonical/wago touch panel 600 advanced firmware
- version/wago touch panel 600 advanced firmware/10
- canonical/wago 762-5303\/8000-002
- canonical/wago 762-5304\/8000-002
- canonical/wago touch panel 600 marine firmware
- version/wago touch panel 600 marine firmware/10
- canonical/wago 762-6201\/8000-001
- canonical/wago 762-6202\/8000-001
- canonical/wago 762-6203\/8000-001
- canonical/wago 762-6204\/8000-001