VDE-2020-027
Vulnerability from csaf_wagogmbhcokg - Published: 2020-09-30 11:06 - Updated: 2025-05-14 12:28Summary
WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07
Notes
Summary: The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
With special crafted requests it is possible to change some special parameters without authentication.
Impact: This vulnerability allows an attacker who has access to the WBM to prevent the loading of the runtime-application after restart of the device by sending specifically constructed requests without authentication.
Solution: Upgrade affected devices to the latest standard firmware.
| Product | Fixed Versions |
|-------------------|----------------|
| 750-852 | > FW07 |
| 750-880/xxx-xxx | > FW07 |
| 750-881 | > FW07 |
| 750-831/xxx-xxx | > FW07 |
| 750-882 | > FW07 |
| 750-885/xxx-xxx | > FW07 |
| 750-889 | > FW07 |
Mitigation: Restrict network access to the device.
Do not directly connect the device to the internet.
Disable unused TCP/UDP ports.
Disable web-based management ports 80/443 after the configuration phase
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852 version FW07 and prior versions. WAGO 750-880/xxx-xxx version FW07 and prior versions. WAGO 750-881 version FW07 and prior versions. WAGO 750-831/xxx-xxx version FW07 and prior versions. WAGO 750-882 version FW07 and prior versions. WAGO 750-885/xxx-xxx version FW07 and prior versions. WAGO 750-889 version FW07 and prior versions.
8.2 (High)
Mitigation
Mitigation
Restrict network access to the device.
Do not directly connect the device to the internet.
Disable unused TCP/UDP ports.
Disable web-based management ports 80/443 after the configuration phase
Vendor Fix
Upgrade affected devices to the latest standard firmware.
References
Acknowledgments
Maxim Rupp
CERT@VDE
{
"document": {
"acknowledgments": [
{
"organization": "Maxim Rupp",
"summary": "reported"
},
{
"organization": "CERT@VDE",
"summary": "coordination"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.\nWith special crafted requests it is possible to change some special parameters without authentication.",
"title": "Summary"
},
{
"category": "description",
"text": "This vulnerability allows an attacker who has access to the WBM to prevent the loading of the runtime-application after restart of the device by sending specifically constructed requests without authentication.",
"title": "Impact"
},
{
"category": "description",
"text": "Upgrade affected devices to the latest standard firmware.\n| Product | Fixed Versions |\n|-------------------|----------------|\n| 750-852 | \u003e FW07 |\n| 750-880/xxx-xxx | \u003e FW07 |\n| 750-881 | \u003e FW07 |\n| 750-831/xxx-xxx | \u003e FW07 |\n| 750-882 | \u003e FW07 |\n| 750-885/xxx-xxx | \u003e FW07 |\n| 750-889 | \u003e FW07 |\n",
"title": "Solution"
},
{
"category": "description",
"text": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2020-027: WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version \u003c= FW07 - HTML",
"url": "https://certvde.com/de/advisories/VDE-2020-027/"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/wago"
},
{
"category": "self",
"summary": "VDE-2020-027: WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version \u003c= FW07 - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-027.json"
}
],
"title": "WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version \u003c= FW07",
"tracking": {
"aliases": [
"VDE-2020-027"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2025-02-26T16:19:42.056Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.19"
}
},
"id": "VDE-2020-027",
"initial_release_date": "2020-09-30T11:06:00.000Z",
"revision_history": [
{
"date": "2020-09-30T11:06:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "2",
"summary": "Fix: removed ia, firmware category, added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=FW07",
"product": {
"name": "Firmware \u003c=FW07",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "FW08",
"product": {
"name": "Firmware FW08",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "750-831/xxx-xxx",
"product": {
"name": "BACnet/IP Controller 750-831/xxx-xxx",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"750-831/xxx-xxx"
]
}
}
},
{
"category": "product_name",
"name": "750-852",
"product": {
"name": "BACnet/IP Controller 750-852",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"750-852"
]
}
}
},
{
"category": "product_name",
"name": "750-880/xxx-xxx",
"product": {
"name": "BACnet/IP Controller 750-880/xxx-xxx",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"750-880/xxx-xxx"
]
}
}
},
{
"category": "product_name",
"name": "750-881",
"product": {
"name": "BACnet/IP Controller 750-881",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"750-881"
]
}
}
},
{
"category": "product_name",
"name": "750-882",
"product": {
"name": "BACnet/IP Controller 750-882",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"750-882"
]
}
}
},
{
"category": "product_name",
"name": "750-885/xxx-xxx",
"product": {
"name": "Controller 750-885/xxx-xxx",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"750-885/xxx-xxx"
]
}
}
},
{
"category": "product_name",
"name": "750-889",
"product": {
"name": "BACnet/IP Controller 750-889",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"750-889"
]
}
}
}
],
"category": "product_name",
"name": "BACnet/IP Controller"
}
],
"category": "product_family",
"name": "Hardware"
}
],
"category": "vendor",
"name": "WAGO"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on BACnet/IP Controller 750-831/xxx-xxx",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on BACnet/IP Controller 750-852",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on BACnet/IP Controller 750-880/xxx-xxx",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on BACnet/IP Controller 750-881",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on BACnet/IP Controller 750-882",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on Controller 750-885/xxx-xxx",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on BACnet/IP Controller 750-889",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on BACnet/IP Controller 750-831/xxx-xxx",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on BACnet/IP Controller 750-852",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on BACnet/IP Controller 750-880/xxx-xxx",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on BACnet/IP Controller 750-881",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on BACnet/IP Controller 750-882",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on Controller 750-885/xxx-xxx",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on BACnet/IP Controller 750-889",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11007"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12505",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "description",
"text": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852 version FW07 and prior versions. WAGO 750-880/xxx-xxx version FW07 and prior versions. WAGO 750-881 version FW07 and prior versions. WAGO 750-831/xxx-xxx version FW07 and prior versions. WAGO 750-882 version FW07 and prior versions. WAGO 750-885/xxx-xxx version FW07 and prior versions. WAGO 750-889 version FW07 and prior versions.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Mitigation\n\nRestrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Upgrade affected devices to the latest standard firmware.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-12505"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…