github - ghsa-qrrv-9vc8-gf2w

ghsa-qrrv-9vc8-gf2w

Vulnerability from github

Published

2022-05-24 17:36

Modified

2022-05-24 17:36

Details

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-12522"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-17T23:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions \u003c=FW10.",
  "id": "GHSA-qrrv-9vc8-gf2w",
  "modified": "2022-05-24T17:36:49Z",
  "published": "2022-05-24T17:36:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12522"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2020-12522

Vulnerability from cvelistv5

Published

2020-12-17 22:40

Modified

2024-09-16 18:14

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	https://cert.vde.com/en-us/advisories/vde-2020-045	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

WAGO

Series PFC 100 (750-81xx/xxx-xxx)

Version: FW1 <

WAGO	Series PFC 200 (750-82xx/xxx-xxx)	Version: FW1 <
WAGO	Series Wago Touch Panel 600 Standard Line (762-4xxx)	Version: FW1 <
WAGO	Series Wago Touch Panel 600 Advanced Line (762-5xxx)	Version: FW1 <
WAGO	Series Wago Touch Panel 600 Marine Line (762-6xxx)	Version: FW1 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Series PFC 100 (750-81xx/xxx-xxx)",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Series PFC 200 (750-82xx/xxx-xxx)",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Series Wago Touch Panel 600 Standard Line (762-4xxx)",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Series Wago Touch Panel 600 Advanced Line (762-5xxx)",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Series Wago Touch Panel 600 Marine Line (762-6xxx)",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW10",
              "status": "affected",
              "version": "FW1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability was originally found by Florian Seidel of WAGO and was rediscovered by Uri Katz of Claroty. We thank CERT@VDE for the management of this coordinated disclosure."
        }
      ],
      "datePublic": "2020-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions \u003c=FW10."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-17T22:40:48",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless to the action described above, the vulnerability has been fixed in FW11, released in December 2017."
        }
      ],
      "source": {
        "advisory": "VDE-2020-045",
        "defect": [
          "VDE-2020-045"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions \u003c=FW10",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable I/O-Check service\nRestrict network access to the device.\nDo not directly connect the device to the internet."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-12-17T09:00:00.000Z",
          "ID": "CVE-2020-12522",
          "STATE": "PUBLIC",
          "TITLE": "Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions \u003c=FW10"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Series PFC 100 (750-81xx/xxx-xxx)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c=",
                            "version_name": "FW1",
                            "version_value": "FW10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Series PFC 200 (750-82xx/xxx-xxx)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c=",
                            "version_name": "FW1",
                            "version_value": "FW10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Series Wago Touch Panel 600 Standard Line (762-4xxx)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c=",
                            "version_name": "FW1",
                            "version_value": "FW10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Series Wago Touch Panel 600 Advanced Line (762-5xxx)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c=",
                            "version_name": "FW1",
                            "version_value": "FW10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Series Wago Touch Panel 600 Marine Line (762-6xxx)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c=",
                            "version_name": "FW1",
                            "version_value": "FW10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "WAGO"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability was originally found by Florian Seidel of WAGO and was rediscovered by Uri Katz of Claroty. We thank CERT@VDE for the management of this coordinated disclosure."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions \u003c=FW10."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-045",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-045"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless to the action described above, the vulnerability has been fixed in FW11, released in December 2017."
          }
        ],
        "source": {
          "advisory": "VDE-2020-045",
          "defect": [
            "VDE-2020-045"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Disable I/O-Check service\nRestrict network access to the device.\nDo not directly connect the device to the internet."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12522",
    "datePublished": "2020-12-17T22:40:48.065139Z",
    "dateReserved": "2020-04-30T00:00:00",
    "dateUpdated": "2024-09-16T18:14:32.808Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted