CVE-2020-12506

WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03

CVSS 9.1 CRITICAL | EPSS 1.5% | CWE-306

In short

WAGO industrial controllers with firmware version 3 or earlier allow attackers to modify device settings without needing a password or login credentials. This is critical because these devices control industrial equipment, and unauthorized changes could disrupt operations or cause safety hazards.

Technical detail

Improper authentication implementation in WAGO 750-series PLCs (versions ≤FW03) enables unauthenticated modification of device configuration via crafted requests. The vulnerability requires network access to the affected device but no credentials, allowing an attacker to alter critical operational settings with direct impact on industrial control system integrity and availability.

Summary generated and translated by AI from the official description.
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication. This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
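
An inventory check against the affected list above, as an added example that is not part of the official description or any WAGO tooling. It assumes an asset export with `asset`, `model` and `firmware` columns and firmware written as `FWnn`; those column names, the asset names and the sample rows are constructed.

```python
import csv
import io
import re

# Item numbers from the affected list above. Only 750-832 and 750-890 are
# listed with an "/xxx-xxx" order suffix, so only those accept any suffix.
AFFECTED = {"750-362", "750-363", "750-823", "750-832",
            "750-862", "750-891", "750-890"}
ANY_SUFFIX = {"750-832", "750-890"}
LAST_AFFECTED_FW = 3  # "FW03 and prior versions"

MODEL_RE = re.compile(r"^\s*(750-\d{3})(/\d{3}-\d{3})?\s*$")
FW_RE = re.compile(r"^\s*FW\s*(\d+)\s*$", re.IGNORECASE)  # assumed "FWnn" format

# Constructed sample export; 750-999 is a made-up item number.
SAMPLE_INVENTORY = """\
asset,model,firmware
plc-line1,750-891,FW03
plc-line2,750-832/000-002,FW02
plc-line3,750-862,FW05
plc-lab,750-890/025-000,
io-cab7,750-999,FW01
plc-old,750-363/000-001,FW01
"""


def assess(model, firmware):
    """Classify one row as 'affected', 'not_listed' or 'review'."""
    m = MODEL_RE.match(model or "")
    if not m:
        return "review"            # unparseable item number: check by hand
    base, suffix = m.groups()
    if base not in AFFECTED:
        return "not_listed"
    if suffix and base not in ANY_SUFFIX:
        return "review"            # variant the advisory text does not name
    f = FW_RE.match(firmware or "")
    if not f:
        return "review"            # listed model, firmware unknown: keep open
    return "affected" if int(f.group(1)) <= LAST_AFFECTED_FW else "not_listed"


def triage(csv_text):
    """Map each asset name in a CSV export to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["asset"]: assess(r["model"], r["firmware"]) for r in rows}


if __name__ == "__main__":
    for asset, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{asset:10} {verdict}")
```

Rows returned as `review` are listed models with missing firmware data, or variants the text does not name, and should be confirmed on the device before being closed.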
