PT-2019-3767 · Wago · Wago Series 750-88X+1

Wht · Published 2019-04-12 · Updated 2020-10-01 · CVE-2019-10712

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WAGO Series 750-88x versions 750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889
WAGO Series 750-87x versions 750-830, 750-849, 750-871, 750-872, 750-873

Description

The issue exists due to hardcoded credentials in the Web-GUI component of the programmable logic controllers' firmware. The Web-GUI on affected devices has undocumented service access, which allows a remote attacker to modify settings.

Recommendations

For WAGO Series 750-88x devices, consider disabling the Web-GUI service until a patch is available. For WAGO Series 750-87x devices, restrict access to the Web-GUI component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2019-04027
CVE-2019-10712

Affected Products

Wago Series 750-87X
Wago Series 750-88X