Vulnerability Description
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | 852-303 Firmware | < 1.2.2.s0 |
| Wago | 852-303 | - |
| Wago | 852-1305 Firmware | < 1.1.6.s0 |
| Wago | 852-1305 | - |
| Wago | 852-1505 Firmware | < 1.1.5.s0 |
| Wago | 852-1505 | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en-us/advisories/vde-2019-013Third Party Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02Third Party AdvisoryUS Government Resource
- https://www.wago.com/us/Vendor Advisory
- https://cert.vde.com/en-us/advisories/vde-2019-013Third Party Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02Third Party AdvisoryUS Government Resource
- https://www.wago.com/us/Vendor Advisory
FAQ
What is CVE-2019-12549?
CVE-2019-12549 is a vulnerability with a CVSS score of 9.8 (CRITICAL). WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemo...
How severe is CVE-2019-12549?
CVE-2019-12549 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-12549?
Check the references section above for vendor advisories and patch information. Affected products include: Wago 852-303 Firmware, Wago 852-303, Wago 852-1305 Firmware, Wago 852-1305, Wago 852-1505 Firmware.