ID

VAR-202006-1778


CVE

CVE-2020-6090


TITLE

WAGO PFC 200 Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006836

DESCRIPTION

An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can result in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAGO PFC 200 contains a privilege management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). WAGO PFC 200 is a programmable logic controller (PLC) made by WAGO in Germany.

Trust: 2.25

sources: NVD: CVE-2020-6090 // JVNDB: JVNDB-2020-006836 // CNVD: CNVD-2021-25701 // VULMON: CVE-2020-6090

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-25701

AFFECTED PRODUCTS

vendor: wago, model: pfc200, scope: eq, version: 03.03.10\(15\)

Trust: 1.0

vendor: wago, model: pfc200, scope: eq, version: 03.03.10(15)

Trust: 0.8

vendor: wago, model: pfc, scope: eq, version: 20003.03.10(15)

Trust: 0.6

sources: CNVD: CNVD-2021-25701 // JVNDB: JVNDB-2020-006836 // NVD: CVE-2020-6090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6090
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006836
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-25701
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-877
value: HIGH

Trust: 0.6

VULMON: CVE-2020-6090
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-6090
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006836
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-25701
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-6090
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006836
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-25701 // VULMON: CVE-2020-6090 // JVNDB: JVNDB-2020-006836 // CNNVD: CNNVD-202006-877 // NVD: CVE-2020-6090

PROBLEMTYPE DATA

problemtype:CWE-345

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2020-006836 // NVD: CVE-2020-6090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-877

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202006-877

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006836

PATCH

title: Top Page, url: https://www.wago.com/us/

Trust: 0.8

title: -, url: https://github.com/Live-Hack-CVE/CVE-2020-6090

Trust: 0.1

sources: VULMON: CVE-2020-6090 // JVNDB: JVNDB-2020-006836

EXTERNAL IDS

db: TALOS, id: TALOS-2020-1010

Trust: 3.1

db: NVD, id: CVE-2020-6090

Trust: 3.1

db: JVNDB, id: JVNDB-2020-006836

Trust: 0.8

db: CNVD, id: CNVD-2021-25701

Trust: 0.6

db: CNNVD, id: CNNVD-202006-877

Trust: 0.6

db: VULMON, id: CVE-2020-6090

Trust: 0.1

sources: CNVD: CNVD-2021-25701 // VULMON: CVE-2020-6090 // JVNDB: JVNDB-2020-006836 // CNNVD: CNNVD-202006-877 // NVD: CVE-2020-6090

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2020-1010

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6090

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6090

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/345.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2020-6090

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-25701 // VULMON: CVE-2020-6090 // JVNDB: JVNDB-2020-006836 // CNNVD: CNNVD-202006-877 // NVD: CVE-2020-6090

CREDITS

Discovered through discussions between WAGO and Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202006-877

SOURCES

db: CNVD, id: CNVD-2021-25701
db: VULMON, id: CVE-2020-6090
db: JVNDB, id: JVNDB-2020-006836
db: CNNVD, id: CNNVD-202006-877
db: NVD, id: CVE-2020-6090

LAST UPDATE DATE

2024-11-23T22:51:19.747000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-25701, date: 2021-04-08T00:00:00
db: VULMON, id: CVE-2020-6090, date: 2023-02-07T00:00:00
db: JVNDB, id: JVNDB-2020-006836, date: 2020-07-20T00:00:00
db: CNNVD, id: CNNVD-202006-877, date: 2023-02-08T00:00:00
db: NVD, id: CVE-2020-6090, date: 2024-11-21T05:35:04.623

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-25701, date: 2021-04-08T00:00:00
db: VULMON, id: CVE-2020-6090, date: 2020-06-11T00:00:00
db: JVNDB, id: JVNDB-2020-006836, date: 2020-07-20T00:00:00
db: CNNVD, id: CNNVD-202006-877, date: 2020-06-10T00:00:00
db: NVD, id: CVE-2020-6090, date: 2020-06-11T14:15:10.487