Lucene search

PRIOn knowledge basePRION:CVE-2018-12981

HistoryJul 12, 2018 - 6:29 p.m.

Design/Logic Flaw

2018-07-1218:29:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.9%

JSON

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user’s browser.

CPENameOperatorVersion
762-3000_firmwarelt02
762-3001_firmwarelt02
762-3002_firmwarelt02
762-3003_firmwarelt02

Name	Operator	Version
762-3000_firmware	lt	02
762-3001_firmware	lt	02
762-3002_firmware	lt	02
762-3003_firmware	lt	02

References

seclists.org/fulldisclosure/2018/Jul/38

cert.vde.com/en-us/advisories/vde-2018-010

ics-cert.us-cert.gov/advisories/ICSA-18-198-02

www.exploit-db.com/exploits/45014/

www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/

www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU