Vulnerability Description
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | 750-362 Firmware | <= fw03 |
| Wago | 750-362 | - |
| Wago | 750-363 Firmware | <= fw03 |
| Wago | 750-363 | - |
| Wago | 750-823 Firmware | <= fw03 |
| Wago | 750-823 | - |
| Wago | 750-832 Firmware | <= fw03 |
| Wago | 750-832 | - |
| Wago | 750-862 Firmware | <= fw03 |
| Wago | 750-862 | - |
| Wago | 750-891 Firmware | <= fw03 |
| Wago | 750-891 | - |
| Wago | 750-890 Firmware | <= fw03 |
| Wago | 750-890 | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en-us/advisories/vde-2020-028Third Party Advisory
- https://cert.vde.com/en-us/advisories/vde-2020-028Third Party Advisory
FAQ
What is CVE-2020-12506?
CVE-2020-12506 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authe...
How severe is CVE-2020-12506?
CVE-2020-12506 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-12506?
Check the references section above for vendor advisories and patch information. Affected products include: Wago 750-362 Firmware, Wago 750-362, Wago 750-363 Firmware, Wago 750-363, Wago 750-823 Firmware.