CVE-2020-12522

Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10

CVSS 10 CRITICAL | EPSS 2.9% | CWE-78

In short

A critical flaw in WAGO industrial controllers and touch panels allows attackers on the network to run malicious code by sending specially crafted packets. This bypasses normal security controls and puts critical industrial systems at risk.

Technical detail

Command injection vulnerability (CWE-78) in the I/O-Check service of WAGO PFC100, PFC200, and Touch Panel 600 series devices with firmware ≤FW10. An unauthenticated network attacker can execute arbitrary code by crafting malicious network packets targeting the vulnerable service, affecting industrial automation and control systems.

Summary generated and translated by AI from the official description.

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
