Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.5
CVSSv2

CVE-2018-12981

Published: 12/07/2018 Updated: 20/05/2021
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 355
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to 762-3000 Firmware

Vulnerability Summary

An issue exists on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user's browser.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wago 762-3000_firmware

wago 762-3001_firmware

wago 762-3002_firmware

wago 762-3003_firmware

Exploits

Exploit DB: WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory < 20180711-0 > ======================================================================= title: Remote code execution via multiple attack vectors product: WAGO e!DISPLAY 7300T - WP 43 480x272 PIO1 vulnerable version: FW 01 - 010110(01) fixed version: FW 02 ...
Exploit DB: WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution
WAGO e!DISPLAY 7300T WP 43 480x272 PIO1 version FW 01 - 010110(01) suffer from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities ...

References

CWE-79https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjUhttps://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/https://cert.vde.com/en-us/advisories/vde-2018-010http://seclists.org/fulldisclosure/2018/Jul/38https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02https://www.exploit-db.com/exploits/45014/https://nvd.nist.govhttps://www.exploit-db.com/exploits/45014/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook