PT-2018-11512 · Wago · Wago E!Display

T. Weber

·

Publicado

2018-07-12

·

Atualizado

2021-05-20

·

CVE-2018-12980

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions WAGO e!DISPLAY versions 762-3000 through 762-3003 with firmware before FW 02
Description The issue allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.
Recommendations For WAGO e!DISPLAY versions 762-3000 through 762-3003, update the firmware to FW 02 or later to resolve the issue.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2018-12980

Produtos afetados

Wago E!Display