CVE-2020-12522

CWE-78 — OS Command Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 58.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago Series PFC 100 (750-81xx/xxx-xxx)Wago Series PFC 200 (750-82xx/xxx-xxx)Wago Series Wago Touch Panel 600 Advanced Line (762-5xxx)+7 more

Timeline

PublishedDec 17

Latest updateMay 24

Description

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages10 packages

▶CVEListV5wago/series_wago_touch_panel_600_marine_line_(762-6xxx)FW1 — FW10

▶CVEListV5wago/series_wago_touch_panel_600_advanced_line_(762-5xxx)FW1 — FW10

▶CVEListV5wago/series_wago_touch_panel_600_standard_line_(762-4xxx)FW1 — FW10

▶NVDwago/touch_panel_600_marine_firmware10

▶NVDwago/touch_panel_600_advanced_firmware10

🔴Vulnerability Details

GHSA

GHSA-qrrv-9vc8-gf2w: The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 1↗2022-05-24

▶

CVEList

Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10↗2020-12-17

▶