CVE-2020-12505

CWE-306Missing Authentication3 documents3 sources
Severity
9.1CRITICAL
EPSS
0.3%
top 49.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Wago 750-831/xxx-xxxWago 750-852Wago 750-880/xxx-xxx+11 more
Timeline
PublishedSep 30
Latest updateMay 24

Description

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages14 packages

CVEListV5wago/750-852unspecifiedFW07
CVEListV5wago/750-881unspecifiedFW07
CVEListV5wago/750-882unspecifiedFW07
CVEListV5wago/750-889unspecifiedFW07
CVEListV5wago/750-831/xxx-xxxunspecifiedFW07

🔴Vulnerability Details

2
GHSA
GHSA-8wf3-m6g4-jx6p: Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without auth2022-05-24
CVEList
WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW072020-09-30
CVE-2020-12505 (CRITICAL CVSS 9.1) | Improper Authentication vulnerabili | cvebase.io