Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv2

CVE-2018-12979

Published: 12/07/2018 Updated: 20/05/2021
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 555
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Subscribe to Wago

Vulnerability Summary

An issue exists on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wago 762-3000_firmware

wago 762-3001_firmware

wago 762-3002_firmware

wago 762-3003_firmware

Exploits

Exploit DB: WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory < 20180711-0 > ======================================================================= title: Remote code execution via multiple attack vectors product: WAGO e!DISPLAY 7300T - WP 43 480x272 PIO1 vulnerable version: FW 01 - 010110(01) fixed version: FW 02 ...
Exploit DB: WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution
WAGO e!DISPLAY 7300T WP 43 480x272 PIO1 version FW 01 - 010110(01) suffer from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities ...

References

CWE-732https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjUhttps://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/https://cert.vde.com/en-us/advisories/vde-2018-010http://seclists.org/fulldisclosure/2018/Jul/38https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02https://www.exploit-db.com/exploits/45014/https://nvd.nist.govhttps://www.exploit-db.com/exploits/45014/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook