TROYANOSYVIRUS
Volver a CVEs

CVE-2020-12522

CRITICAL
10.0

Descripcion

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.

Detalles CVE

Puntuacion CVSS v3.110.0
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/17/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

wago:750-8101\/025-000wago:750-8102\/025-000wago:750-8202\/000-012wago:750-8202\/000-022wago:750-8202\/040-000wago:750-8202\/040-001wago:750-8206\/025-000wago:750-8206\/025-001wago:750-8206\/040-000wago:750-8206\/040-001wago:750-8207\/025-000wago:750-8207\/025-001wago:750-8208\/025-000wago:750-8208\/025-001wago:750-8210\/025-000wago:750-8210\/040-000wago:750-8211\/040-000wago:750-8211\/040-001wago:750-8212\/025-000wago:750-8212\/025-001wago:750-8212\/025-002wago:750-8212\/040-000wago:750-8212\/040-010wago:750-8213\/040-010wago:750-8216\/025-000wago:750-8216\/025-001wago:750-8217\/025-000wago:762-4301\/8000-002wago:762-4302\/8000-002wago:762-4303\/8000-002wago:762-4304\/8000-002wago:762-5303\/8000-002wago:762-5304\/8000-002wago:762-6201\/8000-001wago:762-6202\/8000-001wago:762-6203\/8000-001wago:762-6204\/8000-001wago:pfc_100_firmwarewago:pfc_200_firmwarewago:touch_panel_600_advanced_firmwarewago:touch_panel_600_marine_firmwarewago:touch_panel_600_standard_firmware

Debilidades (CWE)

CWE-78CWE-78

Referencias

https://cert.vde.com/en-us/advisories/vde-2020-045(info@cert.vde.com)
https://cert.vde.com/en-us/advisories/vde-2020-045(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.