CVE-2020-12522 (GCVE-0-2020-12522)

Vulnerability from cvelistv5 – Published: 2020-12-17 22:40 – Updated: 2024-09-16 18:14
VLAI?
Summary
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
Severity ?
10 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-78 - OS Command Injection
Assigner
References
Impacted products
Vendor Product Version
WAGO Series PFC 100 (750-81xx/xxx-xxx) Affected: FW1 , ≤ FW10 (custom)
Create a notification for this product.
Credits
This vulnerability was originally found by Florian Seidel of WAGO and was rediscovered by Uri Katz of Claroty. We thank CERT@VDE for the management of this coordinated disclosure.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Series PFC 100 (750-81xx/xxx-xxx)",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Series PFC 200 (750-82xx/xxx-xxx)",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Series Wago Touch Panel 600 Standard Line (762-4xxx)",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Series Wago Touch Panel 600 Advanced Line (762-5xxx)",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Series Wago Touch Panel 600 Marine Line (762-6xxx)",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability was originally found by Florian Seidel of WAGO and was rediscovered by Uri Katz of Claroty. We thank CERT@VDE for the management of this coordinated disclosure."
        }
      ],
      "datePublic": "2020-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions \u003c=FW10."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-17T22:40:48",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless to the action described above, the vulnerability has been fixed in FW11, released in December 2017."
        }
      ],
      "source": {
        "advisory": "VDE-2020-045",
        "defect": [
          "VDE-2020-045"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions \u003c=FW10",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable I/O-Check service\nRestrict network access to the device.\nDo not directly connect the device to the internet."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-12-17T09:00:00.000Z",
          "ID": "CVE-2020-12522",
          "STATE": "PUBLIC",
          "TITLE": "Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions \u003c=FW10"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Series PFC 100 (750-81xx/xxx-xxx)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c=",
                            "version_name": "FW1",
                            "version_value": "FW10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Series PFC 200 (750-82xx/xxx-xxx)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c=",
                            "version_name": "FW1",
                            "version_value": "FW10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Series Wago Touch Panel 600 Standard Line (762-4xxx)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c=",
                            "version_name": "FW1",
                            "version_value": "FW10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Series Wago Touch Panel 600 Advanced Line (762-5xxx)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c=",
                            "version_name": "FW1",
                            "version_value": "FW10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Series Wago Touch Panel 600 Marine Line (762-6xxx)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c=",
                            "version_name": "FW1",
                            "version_value": "FW10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "WAGO"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability was originally found by Florian Seidel of WAGO and was rediscovered by Uri Katz of Claroty. We thank CERT@VDE for the management of this coordinated disclosure."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions \u003c=FW10."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-045",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless to the action described above, the vulnerability has been fixed in FW11, released in December 2017."
          }
        ],
        "source": {
          "advisory": "VDE-2020-045",
          "defect": [
            "VDE-2020-045"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Disable I/O-Check service\nRestrict network access to the device.\nDo not directly connect the device to the internet."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12522",
    "datePublished": "2020-12-17T22:40:48.065139Z",
    "dateReserved": "2020-04-30T00:00:00",
    "dateUpdated": "2024-09-16T18:14:32.808Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:pfc_100_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10\", \"matchCriteriaId\": \"231443A9-A38B-48D2-8686-EBAE040BC53C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8101\\\\/025-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD1E36F3-C876-4427-A19A-2CE099D46FB6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8102\\\\/025-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59142ED2-02A8-44B3-8F0F-9C106542F55A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:pfc_200_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10\", \"matchCriteriaId\": \"45099EEC-C92C-434A-A271-9095C7F1AD93\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8202\\\\/000-012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3D005CB-5D55-4142-8A5B-A005AC2FC239\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8202\\\\/000-022:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38796792-5D69-41BA-84B8-792151B1FC6B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8202\\\\/040-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"977A1B79-8D15-49D8-8C58-F7B1FFDF0E8D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8202\\\\/040-001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4E35ACF-6C0A-4C9F-83A8-6CBAF927BE43\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8206\\\\/025-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6196935C-97E0-40A2-AF06-03CB72E40B0E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8206\\\\/025-001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E2892D5-A691-48A9-ACC9-236A50E6A40E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8206\\\\/040-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49A39AFE-BC17-4A09-ABCE-271C2BB9AA07\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8206\\\\/040-001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B851D224-DFC0-4D96-AE88-0B7AF75FBCD8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8207\\\\/025-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F56DA20-D82B-48C7-B4AD-8534367E8D83\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8207\\\\/025-001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C5C4BAD-7268-4367-A112-60E1A2EF6AF3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8208\\\\/025-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FFE4FF4-4EE4-493F-A8CF-968215142EF4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8208\\\\/025-001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B32F6244-FB19-4629-BCAB-A544C031E4BA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8210\\\\/025-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF7C8131-3BE2-4515-81F0-1C7644B622B3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8210\\\\/040-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50421963-086D-4B34-BCDA-1EA971708B73\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8211\\\\/040-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4921C3E3-0ED0-4ECB-B791-BE3AE48D6F92\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8211\\\\/040-001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8E6D37B-E7CF-401E-86F0-0E17694CF3C3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8212\\\\/025-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31B9A7B1-2457-44E7-9753-DC5828281892\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8212\\\\/025-001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EC1F538-875D-4337-A42E-A837173B30FF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8212\\\\/025-002:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A81CC3BB-60A3-451F-BC34-F1D03517B0E1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8212\\\\/040-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26478046-3D53-45DB-B5B9-EE160383C9E2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8212\\\\/040-010:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF110184-7737-417A-8C9C-2F30FA8091C0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8213\\\\/040-010:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"764647F1-F01F-42CD-94B6-D46494BDC1A0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8216\\\\/025-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAD81900-6337-4EB9-ABA5-836452AF3E59\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8216\\\\/025-001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3ED9EED-726C-4217-ABFE-CE0DE8BB902E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:750-8217\\\\/025-000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6494874B-DB89-4C9C-BF6E-EB775D19C6B5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10\", \"matchCriteriaId\": \"28C8477B-8399-46D5-BFCE-E8D68F9F0A95\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:762-4301\\\\/8000-002:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD64BCDC-A7F2-4E8C-886D-C0D9268D0DA8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:762-4302\\\\/8000-002:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FDBE05B-7ACB-4DB5-8D2F-7FCEC626E161\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:762-4303\\\\/8000-002:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A5421E8-67EA-4D0D-889F-A64DA70E7695\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:762-4304\\\\/8000-002:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DB95678-6815-4FB6-AA22-E6FEC011B269\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10\", \"matchCriteriaId\": \"7C5FDEF0-45DF-4BD0-80EC-3D8AD467846F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:762-5303\\\\/8000-002:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D4FF612-453D-4287-8989-2779A6F6A0A7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:762-5304\\\\/8000-002:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80089A85-1174-4E47-BC36-69DD11A3FFF8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10\", \"matchCriteriaId\": \"878F774F-B317-4FCC-8E2A-D496E19F710C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:762-6201\\\\/8000-001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2BEE4ED-2C15-4E52-8FEC-BB7B5742274F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:762-6202\\\\/8000-001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF4E78EB-C91E-4E92-AF9F-90300EE96E03\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:762-6203\\\\/8000-001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C98F37AB-BFC5-49C2-B8FD-21AA0266C703\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:762-6204\\\\/8000-001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"422F9EEC-8516-4692-93DE-BB0F385D2BD1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions \u003c=FW10.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad reportada permite a un atacante que tiene acceso de red al dispositivo ejecutar c\\u00f3digo con paquetes especialmente dise\\u00f1ados en WAGO Serie PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) con versiones de firmware anteriores a FW10 incluy\\u00e9ndola\"}]",
      "id": "CVE-2020-12522",
      "lastModified": "2024-11-21T04:59:51.620",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-12-17T23:15:13.200",
      "references": "[{\"url\": \"https://cert.vde.com/en-us/advisories/vde-2020-045\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en-us/advisories/vde-2020-045\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "info@cert.vde.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-12522\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2020-12-17T23:15:13.200\",\"lastModified\":\"2024-11-21T04:59:51.620\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions \u003c=FW10.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad reportada permite a un atacante que tiene acceso de red al dispositivo ejecutar c\u00f3digo con paquetes especialmente dise\u00f1ados en WAGO Serie PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) con versiones de firmware anteriores a FW10 incluy\u00e9ndola\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:pfc_100_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10\",\"matchCriteriaId\":\"231443A9-A38B-48D2-8686-EBAE040BC53C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8101\\\\/025-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD1E36F3-C876-4427-A19A-2CE099D46FB6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8102\\\\/025-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59142ED2-02A8-44B3-8F0F-9C106542F55A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:pfc_200_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10\",\"matchCriteriaId\":\"45099EEC-C92C-434A-A271-9095C7F1AD93\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8202\\\\/000-012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D005CB-5D55-4142-8A5B-A005AC2FC239\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8202\\\\/000-022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38796792-5D69-41BA-84B8-792151B1FC6B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8202\\\\/040-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"977A1B79-8D15-49D8-8C58-F7B1FFDF0E8D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8202\\\\/040-001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4E35ACF-6C0A-4C9F-83A8-6CBAF927BE43\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8206\\\\/025-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6196935C-97E0-40A2-AF06-03CB72E40B0E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8206\\\\/025-001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E2892D5-A691-48A9-ACC9-236A50E6A40E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8206\\\\/040-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49A39AFE-BC17-4A09-ABCE-271C2BB9AA07\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8206\\\\/040-001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B851D224-DFC0-4D96-AE88-0B7AF75FBCD8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8207\\\\/025-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F56DA20-D82B-48C7-B4AD-8534367E8D83\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8207\\\\/025-001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C5C4BAD-7268-4367-A112-60E1A2EF6AF3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8208\\\\/025-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FFE4FF4-4EE4-493F-A8CF-968215142EF4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8208\\\\/025-001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B32F6244-FB19-4629-BCAB-A544C031E4BA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8210\\\\/025-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF7C8131-3BE2-4515-81F0-1C7644B622B3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8210\\\\/040-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50421963-086D-4B34-BCDA-1EA971708B73\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8211\\\\/040-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4921C3E3-0ED0-4ECB-B791-BE3AE48D6F92\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8211\\\\/040-001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8E6D37B-E7CF-401E-86F0-0E17694CF3C3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8212\\\\/025-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B9A7B1-2457-44E7-9753-DC5828281892\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8212\\\\/025-001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC1F538-875D-4337-A42E-A837173B30FF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8212\\\\/025-002:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A81CC3BB-60A3-451F-BC34-F1D03517B0E1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8212\\\\/040-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26478046-3D53-45DB-B5B9-EE160383C9E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8212\\\\/040-010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF110184-7737-417A-8C9C-2F30FA8091C0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8213\\\\/040-010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"764647F1-F01F-42CD-94B6-D46494BDC1A0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8216\\\\/025-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAD81900-6337-4EB9-ABA5-836452AF3E59\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8216\\\\/025-001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3ED9EED-726C-4217-ABFE-CE0DE8BB902E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8217\\\\/025-000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6494874B-DB89-4C9C-BF6E-EB775D19C6B5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10\",\"matchCriteriaId\":\"28C8477B-8399-46D5-BFCE-E8D68F9F0A95\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:762-4301\\\\/8000-002:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD64BCDC-A7F2-4E8C-886D-C0D9268D0DA8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:762-4302\\\\/8000-002:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FDBE05B-7ACB-4DB5-8D2F-7FCEC626E161\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:762-4303\\\\/8000-002:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A5421E8-67EA-4D0D-889F-A64DA70E7695\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:762-4304\\\\/8000-002:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DB95678-6815-4FB6-AA22-E6FEC011B269\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10\",\"matchCriteriaId\":\"7C5FDEF0-45DF-4BD0-80EC-3D8AD467846F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:762-5303\\\\/8000-002:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D4FF612-453D-4287-8989-2779A6F6A0A7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:762-5304\\\\/8000-002:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80089A85-1174-4E47-BC36-69DD11A3FFF8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10\",\"matchCriteriaId\":\"878F774F-B317-4FCC-8E2A-D496E19F710C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:762-6201\\\\/8000-001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2BEE4ED-2C15-4E52-8FEC-BB7B5742274F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:762-6202\\\\/8000-001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF4E78EB-C91E-4E92-AF9F-90300EE96E03\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:762-6203\\\\/8000-001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C98F37AB-BFC5-49C2-B8FD-21AA0266C703\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:762-6204\\\\/8000-001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"422F9EEC-8516-4692-93DE-BB0F385D2BD1\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2020-045\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2020-045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.