CVE-2020-12522

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CERTVDECNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
wagopfc_100_firmware
𝑥
≤ 10
wagopfc_200_firmware
𝑥
≤ 10
wagotouch_panel_600_standard_firmware
𝑥
≤ 10
wagotouch_panel_600_advanced_firmware
𝑥
≤ 10
wagotouch_panel_600_marine_firmware
𝑥
≤ 10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en-us/advisories/vde-2020-045
https://cert.vde.com/en-us/advisories/vde-2020-045