First published: Thu Dec 17 2020
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
WAGO PFC 100 Firmware | <=10 | |
Wago 750-8101/025-000 | | |
Wago 750-8102/025-000 | | |
WAGO PFC 200 Firmware | <=10 | |
Wago 750-8202/000-012 | | |
Wago 750-8202/000-022 | | |
Wago 750-8202/040-000 | | |
Wago 750-8202/040-001 | | |
Wago 750-8206/025-000 | | |
Wago 750-8206/025-001 | | |
Wago 750-8206/040-000 | | |
Wago 750-8206/040-001 | | |
Wago 750-8207/025-000 | | |
Wago 750-8207/025-001 | | |
Wago 750-8208/025-000 | | |
Wago 750-8208/025-001 | | |
Wago 750-8210/025-000 | | |
Wago 750-8210/040-000 | | |
Wago 750-8211/040-000 | | |
Wago 750-8211/040-001 | | |
Wago 750-8212/025-000 | | |
Wago 750-8212/025-001 | | |
Wago 750-8212/025-002 | | |
Wago 750-8212/040-000 | | |
Wago 750-8212/040-010 | | |
Wago 750-8213/040-010 | | |
Wago 750-8216/025-000 | | |
Wago 750-8216/025-001 | | |
Wago 750-8217/025-000 | | |
Wago Touch Panel 600 Standard Firmware | <=10 | |
Wago 762-4301/8000-002 | | |
Wago 762-4302/8000-002 | | |
Wago 762-4303/8000-002 | | |
Wago 762-4304/8000-002 | | |
Wago Touch Panel 600 Advanced Firmware | <=10 | |
Wago 762-5303/8000-002 | | |
Wago 762-5304/8000-002 | | |
Wago Touch Panel 600 Marine Firmware | <=10 | |
Wago 762-6201/8000-001 | | |
Wago 762-6202/8000-001 | | |
Wago 762-6203/8000-001 | | |
Wago 762-6204/8000-001 | | |
The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and most secure way to protect your device from the listed vulnerabilities. Regardless of the action described above, the vulnerability has been fixed in FW11, released in December 2017.
CVE-2020-12522 is a reported vulnerability that allows an attacker with network access to execute code with specially crafted packets in WAGO Series PFC 100, PFC 200, Wago Touch Panel 600 Standard Line, and Wago Touch Panel 600 Advanced Line.
The severity of CVE-2020-12522 is critical, with a severity value of 9.8.
CVE-2020-12522 affects WAGO PFC 100 Firmware versions up to and including 10, as well as WAGO PFC 200 Firmware versions up to and including 10, Wago Touch Panel 600 Standard Firmware versions up to and including 10, and Wago Touch Panel 600 Advanced Firmware versions up to and including 10.
CVE-2020-12522 can be exploited by an attacker with network access who sends specially crafted packets to the vulnerable device, allowing them to execute arbitrary code.
At the time of writing, there is no information available about a specific fix for CVE-2020-12522. It is recommended to follow the guidance provided by the vendor and apply any patches or updates as soon as they become available.