Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-12979

CWE-732 — Incorrect Permission Assignment4 documents4 sources

Severity

6.5MEDIUM

EPSS

4.9%

top 10.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wago 762-3000 Firmware Wago 762-3001 Firmware Wago 762-3002 Firmware +1 more

Timeline

PublishedJul 12

Latest updateMay 13

Description

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDwago/762-3000_firmware< 02

▶NVDwago/762-3003_firmware< 02

▶NVDwago/762-3001_firmware< 02

▶NVDwago/762-3002_firmware< 02

🔴Vulnerability Details

GHSA

GHSA-7373-xjj5-q36p: An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02↗2022-05-13

▶

CVEList

CVE-2018-12979: An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02↗2018-07-12

▶

💥Exploits & PoCs

Exploit-DB

WAGO e!DISPLAY 7300T - Multiple Vulnerabilities↗2018-07-13

▶