Share: Email | Twitter

ID

VDE-2020-045

Published

2020-12-17 10:02 (CET)

Last update

2020-12-17 10:02 (CET)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
750-81xx/xxx-xxx <= FW10
750-82xx/xxx-xxx <= FW10
762-4xxx <= FW10
762-5xxx <= FW10
762-6xxx <= FW10

Summary

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets.

CVE ID

CVE-2020-12522 

Last Update:

March 4, 2021, 8:33 a.m.

Severity

9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 

Weakness

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')  (CWE-78) 

Summary

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.

Details

nvd.nist.gov 

Impact

By exploiting the described vulnerabilities the attacker potentially is able to manipulate or disrupt the device.

Solution

Mitigation

  • Disable I/O-Check service
  • Restrict network access to the device.
  • Do not directly connect the device to the internet.

Remediation

The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the I/O-Check service after commissioning. This is the easiest and securest way to protect your device from the listed vulnerabilities.

Regardless to the action described above, the vulnerability has been fixed in FW11, released in December 2017.

Reported by

This vulnerability was originally found by Florian Seidel of WAGO and was rediscovered by Uri Katz of Claroty.

CERT@VDE coordinated