CVE-2020-12505

Published Sep 30, 2020

Last updated 3 years ago

CVSS high 8.2

Overview

Description: Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.
Source: info@cert.vde.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.2
Impact score: 4.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:P

Weaknesses

info@cert.vde.com: CWE-306
nvd@nist.gov: CWE-306

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED404720-0042-42AB-9125-4CDF2D02D44E",
            "versionEndIncluding": "fw07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D6739E1-EF0B-48EE-90FC-5708756FC362"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEB9FB33-B34B-4904-A9E5-795BBAC5EAEF",
            "versionEndIncluding": "fw07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CFEAC4D9-15CF-44B8-844D-C012AA4637A2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "987FDB58-A501-4F70-B7F1-0F3E0845EFD7",
            "versionEndIncluding": "fw07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6FE51647-62C1-4D3C-91FA-13ACA6CD71D2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C33ED3A-C5D8-4276-B896-665642A6BD51",
            "versionEndIncluding": "fw07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F0631884-FF6F-4AA9-9D76-CDECB5A738FC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F46D5249-6418-4FF9-B980-85BB6211D939",
            "versionEndIncluding": "fw07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1379D65-F376-4618-B708-5E59D64C8033"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7521A675-86D6-4EEA-8D26-E8702CA426B3",
            "versionEndIncluding": "fw07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7712F56E-AEBA-4DE0-9172-26F3D29B369B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10BC697F-D2B2-4D95-A67C-87E4499919EE",
            "versionEndIncluding": "fw07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "57919AAB-2962-4543-810A-C143300351F8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References