CVE-2020-12506

Name of the Vulnerable Software and Affected Versions WAGO 750-8XX series versions FW03 and prior versions WAGO 750-362 versions FW03 and prior versions WAGO 750-363 versions FW03 and prior versions WAGO 750-823 versions FW03 and prior versions WAGO 750-832/xxx-xxx versions FW03 and prior versions WAGO 750-862 versions FW03 and prior versions WAGO 750-891 versions FW03 and prior versions WAGO 750-890/xxx-xxx versions FW03 and prior versions

Description The issue is related to an Improper Authentication vulnerability in the WAGO 750-8XX series, which allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication. This can be done remotely.

Recommendations For WAGO 750-8XX series versions FW03 and prior versions, consider disabling remote access until a patch is available. For WAGO 750-362 versions FW03 and prior versions, restrict access to the device settings to minimize the risk of exploitation. For WAGO 750-363 versions FW03 and prior versions, avoid using the device until a fixed version is released. For WAGO 750-823 versions FW03 and prior versions, limit the ability to send specifically constructed requests to the device. For WAGO 750-832/xxx-xxx versions FW03 and prior versions, consider implementing additional authentication measures. For WAGO 750-862 versions FW03 and prior versions, restrict access to the device settings. For WAGO 750-891 versions FW03 and prior versions, avoid using the device until a fixed version is released. For WAGO 750-890/xxx-xxx versions FW03 and prior versions, limit the ability to send specifically constructed requests to the device. At the moment, there is no information about a newer version that contains a fix for this vulnerability.