VDE-2020-028

Vulnerability from csaf_wagogmbhcokg - Published: 2020-09-30 11:08 - Updated: 2025-05-14 13:00
Summary
WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Version <= FW03
Notes
Summary: The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates. With special crafted requests it is possible to change some special parameters without authentication.
Impact: This vulnerability allows an attacker who has access to the WBM and knowledge about the directory structure from the WBM to change the parameter setting of the devices by sending specifically constructed requests without authentication. This can lead to malfunction of the application after reboot.
Mitigation: * Restrict network access to the device. * Do not directly connect the device to the internet. * Disable unused TCP/UDP ports. * Disable web-based management ports 80/443 after the configuration phase
CVE-2020-12506

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362 version FW03 and prior versions. WAGO 750-363 version FW03 and prior versions. WAGO 750-823 version FW03 and prior versions. WAGO 750-832/xxx-xxx version FW03 and prior versions. WAGO 750-862 version FW03 and prior versions. WAGO 750-891 version FW03 and prior versions. WAGO 750-890/xxx-xxx version FW03 and prior versions.

9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE-287 - Improper Authentication
Mitigation * Restrict network access to the device. * Do not directly connect the device to the internet. * Disable unused TCP/UDP ports. * Disable web-based management ports 80/443 after the configuration phase
Vendor Fix Update affected devices to version >FW03
References
Acknowledgments
CERTVDE certvde.com
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERTVDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.\nWith special crafted requests it is possible to change some special parameters without authentication.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "This vulnerability allows an attacker who has access to the WBM and knowledge about the directory structure from the WBM to change the parameter setting of the devices by sending specifically constructed requests without authentication.\nThis can lead to malfunction of the application after reboot.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "* Restrict network access to the device.\n* Do not directly connect the device to the internet.\n* Disable unused TCP/UDP ports.\n* Disable web-based management ports 80/443 after the configuration phase",
        "title": "Mitigation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "WAGO GmbH \u0026 Co. KG",
        "url": "https://www.wago.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-028: WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Version \u003c= FW03 - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2020-028/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-028: WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Version \u003c= FW03 - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-028.json"
      }
    ],
    "title": "WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Version \u003c= FW03",
    "tracking": {
      "aliases": [
        "VDE-2020-028"
      ],
      "current_release_date": "2025-05-14T13:00:14.000Z",
      "generator": {
        "date": "2024-10-14T08:35:23.962Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.12"
        }
      },
      "id": "VDE-2020-028",
      "initial_release_date": "2020-09-30T11:08:00.000Z",
      "revision_history": [
        {
          "date": "2020-09-30T11:08:00.000Z",
          "number": "1",
          "summary": "initial revision"
        },
        {
          "date": "2025-04-10T13:00:00.000Z",
          "number": "2",
          "summary": "Fixed csaf reference URL"
        },
        {
          "date": "2025-05-14T13:00:14.000Z",
          "number": "3",
          "summary": "Fix: added distribution"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "750-362",
                "product": {
                  "name": "750-362",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-362"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-363",
                "product": {
                  "name": "750-363",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-363"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-823",
                "product": {
                  "name": "750-823",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-823"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-832/xxx-xxx",
                "product": {
                  "name": "750-832/xxx-xxx",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-832/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-862",
                "product": {
                  "name": "750-862",
                  "product_id": "CSAFPID-11005",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-862"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-890/0xx-xxx",
                "product": {
                  "name": "750-890/0xx-xxx",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-890/0xx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-891",
                "product": {
                  "name": "750-891",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-891"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=FW03",
                "product": {
                  "name": "Firmware \u003c=FW03",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003eFW03",
                "product": {
                  "name": "Firmware \u003eFW03",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO GmbH \u0026 Co. KG"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ],
        "summary": "Affected Products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007"
        ],
        "summary": "Fixed Products"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-362",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003eFW03 installed on 750-362",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-363",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003eFW03 installed on 750-363",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-823",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003eFW03 installed on 750-823",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-832/xxx-xxx",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003eFW03 installed on 750-832/xxx-xxx",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-862",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003eFW03 installed on 750-862",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-890/0xx-xxx",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003eFW03 installed on 750-890/0xx-xxx",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-891",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003eFW03 installed on 750-891",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11007"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-12506",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "description",
          "text": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362 version FW03 and prior versions. WAGO 750-363 version FW03 and prior versions. WAGO 750-823 version FW03 and prior versions. WAGO 750-832/xxx-xxx version FW03 and prior versions. WAGO 750-862 version FW03 and prior versions. WAGO 750-891 version FW03 and prior versions. WAGO 750-890/xxx-xxx version FW03 and prior versions.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "* Restrict network access to the device.\n* Do not directly connect the device to the internet.\n* Disable unused TCP/UDP ports.\n* Disable web-based management ports 80/443 after the configuration phase",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update affected devices to version \u003eFW03",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.1,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007"
          ]
        }
      ],
      "title": "CVE-2020-12506"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.