CVE-2020-12505

moderate-risk

Published 2020-09-30

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.

Do I need to act?

0.27% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

NETWORK / LOW complexity

Affected Products (7)

750-852 Firmware

750-880 Firmware

750-881 Firmware

750-831 Firmware

750-882 Firmware

750-885 Firmware

750-889 Firmware

Affected Vendors

Wago

References (2)

Third Party Advisory https://cert.vde.com/en-us/advisories/vde-2020-027

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 1/34 · Minimal

Exposure 14/34 · Moderate