FKIE_CVE-2020-12522
Vulnerability from fkie_nvd - Published: 2020-12-17 23:15 - Updated: 2024-11-21 04:59
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
References
| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en-us/advisories/vde-2020-045 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en-us/advisories/vde-2020-045 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:pfc_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "231443A9-A38B-48D2-8686-EBAE040BC53C",
"versionEndIncluding": "10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8101\\/025-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1E36F3-C876-4427-A19A-2CE099D46FB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8102\\/025-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59142ED2-02A8-44B3-8F0F-9C106542F55A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:pfc_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45099EEC-C92C-434A-A271-9095C7F1AD93",
"versionEndIncluding": "10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8202\\/000-012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D005CB-5D55-4142-8A5B-A005AC2FC239",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8202\\/000-022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38796792-5D69-41BA-84B8-792151B1FC6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8202\\/040-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "977A1B79-8D15-49D8-8C58-F7B1FFDF0E8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8202\\/040-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E35ACF-6C0A-4C9F-83A8-6CBAF927BE43",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8206\\/025-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6196935C-97E0-40A2-AF06-03CB72E40B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8206\\/025-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2892D5-A691-48A9-ACC9-236A50E6A40E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8206\\/040-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49A39AFE-BC17-4A09-ABCE-271C2BB9AA07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8206\\/040-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B851D224-DFC0-4D96-AE88-0B7AF75FBCD8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8207\\/025-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F56DA20-D82B-48C7-B4AD-8534367E8D83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8207\\/025-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5C4BAD-7268-4367-A112-60E1A2EF6AF3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8208\\/025-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFE4FF4-4EE4-493F-A8CF-968215142EF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8208\\/025-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B32F6244-FB19-4629-BCAB-A544C031E4BA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8210\\/025-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7C8131-3BE2-4515-81F0-1C7644B622B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8210\\/040-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50421963-086D-4B34-BCDA-1EA971708B73",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8211\\/040-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4921C3E3-0ED0-4ECB-B791-BE3AE48D6F92",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8211\\/040-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E6D37B-E7CF-401E-86F0-0E17694CF3C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8212\\/025-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31B9A7B1-2457-44E7-9753-DC5828281892",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8212\\/025-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC1F538-875D-4337-A42E-A837173B30FF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8212\\/025-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A81CC3BB-60A3-451F-BC34-F1D03517B0E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8212\\/040-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26478046-3D53-45DB-B5B9-EE160383C9E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8212\\/040-010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF110184-7737-417A-8C9C-2F30FA8091C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8213\\/040-010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "764647F1-F01F-42CD-94B6-D46494BDC1A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8216\\/025-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD81900-6337-4EB9-ABA5-836452AF3E59",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8216\\/025-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3ED9EED-726C-4217-ABFE-CE0DE8BB902E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:750-8217\\/025-000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6494874B-DB89-4C9C-BF6E-EB775D19C6B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C8477B-8399-46D5-BFCE-E8D68F9F0A95",
"versionEndIncluding": "10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4301\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD64BCDC-A7F2-4E8C-886D-C0D9268D0DA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:762-4302\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDBE05B-7ACB-4DB5-8D2F-7FCEC626E161",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:762-4303\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5421E8-67EA-4D0D-889F-A64DA70E7695",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:762-4304\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB95678-6815-4FB6-AA22-E6FEC011B269",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5FDEF0-45DF-4BD0-80EC-3D8AD467846F",
"versionEndIncluding": "10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5303\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4FF612-453D-4287-8989-2779A6F6A0A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:762-5304\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80089A85-1174-4E47-BC36-69DD11A3FFF8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "878F774F-B317-4FCC-8E2A-D496E19F710C",
"versionEndIncluding": "10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6201\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BEE4ED-2C15-4E52-8FEC-BB7B5742274F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:762-6202\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4E78EB-C91E-4E92-AF9F-90300EE96E03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:762-6203\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C98F37AB-BFC5-49C2-B8FD-21AA0266C703",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:wago:762-6204\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "422F9EEC-8516-4692-93DE-BB0F385D2BD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions \u003c=FW10."
},
{
"lang": "es",
"value": "La vulnerabilidad reportada permite a un atacante que tiene acceso de red al dispositivo ejecutar c\u00f3digo con paquetes especialmente dise\u00f1ados en WAGO Serie PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) con versiones de firmware anteriores a FW10 incluy\u00e9ndola"
}
],
"id": "CVE-2020-12522",
"lastModified": "2024-11-21T04:59:51.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-17T23:15:13.200",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…