CVE-2020-12522 Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10

🗓️ 17 Dec 2020 22:40:48Reported by CERTVDEType

CVE-2020-12522 Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Serie

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2020-12522	18 Dec 202002:43	–	circl
CNNVD	WAGO Operating System Command Injection Vulnerability in Multiple Products	17 Dec 202000:00	–	cnnvd
CVE	CVE-2020-12522	17 Dec 202022:40	–	cve
EUVD	EUVD-2020-4824	7 Oct 202500:30	–	euvd
NVD	CVE-2020-12522	17 Dec 202023:15	–	nvd
OSV	CVE-2020-12522	17 Dec 202023:15	–	osv
Prion	Design/Logic Flaw	17 Dec 202023:15	–	prion
Tenable Nessus	Wago Controllers OS Command Injection (CVE-2020-12522)	29 Mar 202300:00	–	nessus

[
  {
    "product": "Series PFC 100 (750-81xx/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW10",
        "status": "affected",
        "version": "FW1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Series PFC 200 (750-82xx/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW10",
        "status": "affected",
        "version": "FW1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Series Wago Touch Panel 600 Standard Line (762-4xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW10",
        "status": "affected",
        "version": "FW1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Series Wago Touch Panel 600 Advanced Line (762-5xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW10",
        "status": "affected",
        "version": "FW1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Series Wago Touch Panel 600 Marine Line (762-6xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW10",
        "status": "affected",
        "version": "FW1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en-us/advisories/vde-2020-045

17 Dec 2020 22:40Current

9.4High risk

Vulners AI Score9.4

CVSS 3.110

EPSS0.02902

CWE-78