CVE-2020-6090
First published: Thu Jun 11 2020(Updated: )
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WAGO PFC200 Firmware | =03.03.10\(15\) | |
| WAGO PFC200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-6090?
The severity of CVE-2020-6090 is critical with a CVSS score of 7.2.
How does the vulnerability CVE-2020-6090 allow code execution?
The vulnerability CVE-2020-6090 allows code execution through a series of specially crafted HTTP requests.
What software versions are affected by CVE-2020-6090?
WAGO PFC 200 firmware version 03.03.10(15) is affected by CVE-2020-6090.
Is WAGO PFC200 software vulnerable to CVE-2020-6090?
No, WAGO PFC200 software is not vulnerable to CVE-2020-6090.
How can an attacker exploit CVE-2020-6090?
An attacker can exploit CVE-2020-6090 by making an authenticated HTTP request to trigger code execution.
- collector/nvd-index
- vendor/wago
- canonical/wago pfc200 firmware
- version/wago pfc200 firmware/03.03.10\(15\)
- canonical/wago pfc200