CVE-2019-10712

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

9.8CRITICAL

EPSS

1.4%

top 19.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago 750-330 Firmware Wago 750-352 Firmware Wago 750-829 Firmware +13 more

Timeline

PublishedMay 7

Latest updateMay 24

Description

The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages16 packages

▶NVDwago/750-330_firmware< 14

▶NVDwago/750-352_firmware< 14

▶NVDwago/750-829_firmware< 14

▶NVDwago/750-830_firmware< 06

▶NVDwago/750-831_firmware< 14

🔴Vulnerability Details

GHSA

GHSA-r6gg-5rm9-xp64: The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-↗2022-05-24

▶

CVEList

CVE-2019-10712: The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-↗2019-05-07

▶