CVE-2020-6090

CWE-345CWE-269Improper Privilege Management3 documents3 sources
Severity
7.2HIGH
EPSS
1.1%
top 21.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wago Pfc200 Firmware
Timeline
PublishedJun 11
Latest updateMay 24

Description

An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5wagoWAGO PFC 200 03.03.10(15)
NVDwago/pfc200_firmware03.03.10\(15\)

🔴Vulnerability Details

2
GHSA
GHSA-pjg3-ch5q-948j: An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 032022-05-24
CVEList
CVE-2020-6090: An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 032020-06-11
CVE-2020-6090 (HIGH CVSS 7.2) | An exploitable code execution vulne | cvebase.io