CVE-2020-12506 - OpenCVE

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wago	750-832 Firmware 750-832 750-363 Firmware 750-823 Firmware 750-363 750-890 Firmware 750-891 750-890 750-862 750-362 Firmware 750-362 750-891 Firmware 750-823 750-862 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:wago:750-362_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-362:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:wago:750-363_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-363:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert.vde.com/en-us/advisories/vde-2020-028	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2020-09-29T00:00:00

Updated: 2021-11-10T11:22:01

Reserved: 2020-04-30T00:00:00

Link: CVE-2020-12506

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-30T16:15:12.777

Modified: 2021-11-17T13:55:48.473

Link: CVE-2020-12506

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"containers": {"cna": {"affected": [{"product": "750-362", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW03", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "750-363", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW03", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "750-823", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW03", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "750-832/xxx-xxx", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW03", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "750-862", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW03", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "750-891", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW03", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "750-890/xxx-xxx", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW03", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO."}, {"lang": "en", "value": "coordinated by CERT@VDE"}], "datePublic": "2020-09-29T00:00:00", "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-10T11:22:01", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2020-028"}], "solutions": [{"lang": "en", "value": "Upgrade devices to the latest standard firmware (> FW03)."}], "source": {"advisory": "vde-2020-028", "defect": ["vde-2020-028"], "discovery": "EXTERNAL"}, "title": "WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03", "workarounds": [{"lang": "en", "value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2020-09-29T22:00:00.000Z", "ID": "CVE-2020-12506", "STATE": "PUBLIC", "TITLE": "WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "750-362", "version": {"version_data": [{"version_affected": "<=", "version_value": "FW03"}]}}, {"product_name": "750-363", "version": {"version_data": [{"version_affected": "<=", "version_value": "FW03"}]}}, {"product_name": "750-823", "version": {"version_data": [{"version_affected": "<=", "version_value": "FW03"}]}}, {"product_name": "750-832/xxx-xxx", "version": {"version_data": [{"version_affected": "<=", "version_value": "FW03"}]}}, {"product_name": "750-862", "version": {"version_data": [{"version_affected": "<=", "version_value": "FW03"}]}}, {"product_name": "750-891", "version": {"version_data": [{"version_affected": "<=", "version_value": "FW03"}]}}, {"product_name": "750-890/xxx-xxx", "version": {"version_data": [{"version_affected": "<=", "version_value": "FW03"}]}}]}, "vendor_name": "WAGO"}]}}, "credit": [{"lang": "eng", "value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO."}, {"lang": "eng", "value": "coordinated by CERT@VDE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306 Missing Authentication for Critical Function"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en-us/advisories/vde-2020-028", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2020-028"}]}, "solution": [{"lang": "en", "value": "Upgrade devices to the latest standard firmware (> FW03)."}], "source": {"advisory": "vde-2020-028", "defect": ["vde-2020-028"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"}]}}}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2020-12506", "datePublished": "2020-09-29T00:00:00", "dateReserved": "2020-04-30T00:00:00", "dateUpdated": "2021-11-10T11:22:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-362_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1972A796-844D-47A1-A9EA-37E7A548D8DC", "versionEndIncluding": "fw03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-362:-:*:*:*:*:*:*:*", "matchCriteriaId": "6330A839-FAE3-43EB-B1AA-BA6844D9906D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-363_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "13752AD0-7ED9-446E-99F8-153B62BEB062", "versionEndIncluding": "fw03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-363:-:*:*:*:*:*:*:*", "matchCriteriaId": "54E13E9C-226E-4BD6-8F0C-3061092E892A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA3507C4-737A-40F4-B595-45BB1864C5DE", "versionEndIncluding": "fw03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB88572A-CB05-4B52-8BFC-05EFDC819244", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B5FF9F1-E281-4E15-920D-C273A5C87EC2", "versionEndIncluding": "fw03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*", "matchCriteriaId": "13D1FA8D-C8BA-4D1C-8372-DECD40177631", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D58CF92D-B614-4878-8D1E-182CE7108912", "versionEndIncluding": "fw03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA04FBFB-9E1C-4618-9FDC-70675506D8D5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9D36F87-6C54-4CE8-A38B-3FF525B34C47", "versionEndIncluding": "fw03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*", "matchCriteriaId": "22BAABD9-A10D-4904-AA02-C37C4490B47A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A0E9003-3D94-419B-8812-48E5854DF23D", "versionEndIncluding": "fw03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*", "matchCriteriaId": "11751A8B-FCFD-433B-9065-B4FC85168A93", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions."}, {"lang": "es", "value": "La vulnerabilidad de autenticaci\u00f3n inadecuada en la serie WAGO 750-8XX con versi\u00f3n FW versiones anteriores e iguales a FW03 permite a un atacante cambiar la configuraci\u00f3n de los dispositivos mediante el env\u00edo de solicitudes espec\u00edficamente construidas sin autenticaci\u00f3n Este problema afecta a: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx en versiones FW03 y anteriores."}], "id": "CVE-2020-12506", "lastModified": "2021-11-17T13:55:48.473", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "info@cert.vde.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2020-09-30T16:15:12.777", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2020-028"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "info@cert.vde.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Secondary"}]}