PT-2019-3574 · Wago · Wago 852-1505+2

Published: 2019-06-13 · Updated: 2019-06-19 · CVE-2019-12549

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WAGO 852-303 versions before FW06
WAGO 852-1305 versions before FW06
WAGO 852-1505 versions before FW03

Description

The issue is related to hardcoded private keys for the SSH daemon in the affected devices. This means that the SSH host key fingerprint matches the embedded private key, potentially allowing unauthorized access. The vulnerability could enable a remote attacker to access the device via SSH.

Recommendations

For WAGO 852-303 versions before FW06, update to FW06 or later to resolve the issue.
For WAGO 852-1305 versions before FW06, update to FW06 or later to resolve the issue.
For WAGO 852-1505 versions before FW03, update to FW03 or later to resolve the issue.

As a temporary workaround, consider restricting SSH access to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related identifiers

BDU:2019-03777
CVE-2019-12549

Affected products

Wago 852-1305
Wago 852-1505
Wago 852-303