Back to overview

WAGO: Multiple vulnerabilities in e!DISPLAY products

VDE-2018-010
Last update
05/22/2025 15:03
Published at
07/10/2018 11:50
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2018-010
CSAF Document
Download

Summary

An unauthenticated user can exploit a vulnerability (CVE-2018-12981) to inject code in the WBM via reflected cross-site scripting (XSS), if he is able trick a user to open a special crafted web site. This could allow an attacker to execute code in the context of the user and execute arbitrary commands with restriction to the permissions of the user. Authenticated users can use a vulnerability to inject code in the WBM via persistent cross-site scripting (XSS) via special crafted requests which will be rendered and/or executed in the browser. Authenticated WBM users can transfer arbitrary files to different file system locations (CVE- 2018-12980) to which the web server has the required permissions and partially allowing replacing existing files due weak file permissions (CVE-2018-12979) which can result in an authentication bypass.

Impact

This advisory is based upon the report of SEC Consult.

CVE-2018-12981

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE- 79)

Severity: 8.0 (CVSS:3.0:AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user's browser.

CVE-2018-12980

Unrestricted Upload of File with Dangerous Type (CWE-434)

Severity: 8.0 (CVSS:3.0:AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.

CVE-2018-12979

Incorrect Permission Assignment for Critical Resource (CWE-732)

Severity: 7.5 (CVSS:3.0:AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.

Affected Product(s)

Model no. Product name Affected versions
WAGO Hardware e!DISPLAY Firmware <FW02

Vulnerabilities

Expand / Collapse all

Published
09/22/2025 14:57
Severity
8 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
References
cve.org | nvd.nist.gov

Published
09/22/2025 14:57
Severity
8 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Weakness
Unrestricted Upload of File with Dangerous Type (CWE-434)
References
cve.org | nvd.nist.gov

Published
09/22/2025 14:57
Severity
7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness
Incorrect Permission Assignment for Critical Resource (CWE-732)
References
cve.org | nvd.nist.gov

Remediation

Update your device to the latest firmware (FW 02). In case this is not feasible limit the access to trusted users and devices.

For details on how to obtain the new firmware, please send a request by email to support@wago.com.

Revision History

Version Date Summary
1 07/10/2018 11:50 initial revision
2 01/16/2024 09:30 added vendor name to title
3 05/22/2025 15:03 Fix: removed ia, firmware category, version space, distribution, added distribution, quotation mark