CVE-2019-12550

Name of the Vulnerable Software and Affected Versions WAGO 852-303 versions before FW06 WAGO 852-1305 versions before FW06 WAGO 852-1505 versions before FW03

Description The issue is related to hardcoded users and passwords in the devices, which can be used for login via SSH and TELNET protocols. This allows a remote attacker to access the device using these protocols. The vulnerability is associated with the presence of pre-installed authentication data, specifically a root account.

Recommendations For WAGO 852-303 versions before FW06, update to FW06 or later to resolve the issue. For WAGO 852-1305 versions before FW06, update to FW06 or later to resolve the issue. For WAGO 852-1505 versions before FW03, update to FW03 or later to resolve the issue. As a temporary workaround, consider disabling SSH and TELNET access to the devices until a patch is available.