CVE-2020-12506
moderate-risk
Published 2020-09-30
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication. This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.
Do I need to act?
0.27% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.1/10
Critical
NETWORK / LOW complexity
Affected Products (7)
750-362 Firmware
750-363 Firmware
Affected Vendors
References (2)
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-028
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-028
46 / 100
moderate-risk
Severity
31/34 · Critical
Exploitability
1/34 · Minimal
Exposure
14/34 · Moderate