Sign-up

ID

VAR-202009-1557


CVE

CVE-2020-12506


TITLE

WAGO 750-8XX  Authentication vulnerabilities in series firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-011993

DESCRIPTION

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions. WAGO 750-8XX There is an authentication vulnerability in the series firmware.Information is tampered with and denial of service (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-12506 // JVNDB: JVNDB-2020-011993

AFFECTED PRODUCTS

vendor:wagomodel:750-891scope:lteversion:fw03

Trust: 1.0

vendor:wagomodel:750-862scope:lteversion:fw03

Trust: 1.0

vendor:wagomodel:750-363scope:lteversion:fw03

Trust: 1.0

vendor:wagomodel:750-890scope:lteversion:fw03

Trust: 1.0

vendor:wagomodel:750-362scope:lteversion:fw03

Trust: 1.0

vendor:wagomodel:750-823scope:lteversion:fw03

Trust: 1.0

vendor:wagomodel:750-832scope:lteversion:fw03

Trust: 1.0

vendor:ワゴジャパン株式会社model:750-362scope: - version: -

Trust: 0.8

vendor:ワゴジャパン株式会社model:750-363scope: - version: -

Trust: 0.8

vendor:ワゴジャパン株式会社model:750-823scope: - version: -

Trust: 0.8

vendor:ワゴジャパン株式会社model:750-832scope: - version: -

Trust: 0.8

vendor:ワゴジャパン株式会社model:750-862scope: - version: -

Trust: 0.8

vendor:ワゴジャパン株式会社model:750-890scope: - version: -

Trust: 0.8

vendor:ワゴジャパン株式会社model:750-891scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011993 // NVD: CVE-2020-12506

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12506
value: CRITICAL

Trust: 1.0

info@cert.vde.com: CVE-2020-12506
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-12506
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202009-1693
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-12506
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-12506
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-011993
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-011993 // CNNVD: CNNVD-202009-1693 // NVD: CVE-2020-12506 // NVD: CVE-2020-12506

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011993 // NVD: CVE-2020-12506

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1693

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1693

PATCH

title:top pageurl:https://www.wago.co.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2020-011993

EXTERNAL IDS

db:CERT@VDEid:VDE-2020-028

Trust: 2.4

db:NVDid:CVE-2020-12506

Trust: 2.4

db:JVNDBid:JVNDB-2020-011993

Trust: 0.8

db:CNNVDid:CNNVD-202009-1693

Trust: 0.6

sources: JVNDB: JVNDB-2020-011993 // CNNVD: CNNVD-202009-1693 // NVD: CVE-2020-12506

REFERENCES

url:https://cert.vde.com/en-us/advisories/vde-2020-028

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-12506

Trust: 1.4

sources: JVNDB: JVNDB-2020-011993 // CNNVD: CNNVD-202009-1693 // NVD: CVE-2020-12506

SOURCES

db:JVNDBid:JVNDB-2020-011993
db:CNNVDid:CNNVD-202009-1693
db:NVDid:CVE-2020-12506

LAST UPDATE DATE

2024-11-23T22:47:51.370000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-011993date:2021-04-21T06:39:00
db:CNNVDid:CNNVD-202009-1693date:2021-11-11T00:00:00
db:NVDid:CVE-2020-12506date:2024-11-21T04:59:49.660

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-011993date:2021-04-21T00:00:00
db:CNNVDid:CNNVD-202009-1693date:2020-09-30T00:00:00
db:NVDid:CVE-2020-12506date:2020-09-30T16:15:12.777