CVE-2020-12505 : What You Need to Know
Learn about CVE-2020-12505, an Improper Authentication vulnerability in WAGO 750-8XX series devices with FW version <= FW07. Discover the impact, affected systems, and mitigation steps.
A vulnerability in web-based authentication in WAGO 750-8XX series with FW version <= FW07 allows unauthorized parameter changes without authentication.
Understanding CVE-2020-12505
This CVE involves an Improper Authentication vulnerability affecting specific WAGO products and versions.
What is CVE-2020-12505?
The vulnerability allows attackers to modify certain parameters without proper authentication on WAGO devices with firmware version FW07 or below.
The Impact of CVE-2020-12505
- CVSS Base Score: 8.2 (High)
- Attack Vector: Network
- Availability Impact: High
- Integrity Impact: Low
- Privileges Required: None
- Scope: Unchanged
Technical Details of CVE-2020-12505
This section provides detailed technical information about the vulnerability.
Vulnerability Description
The vulnerability arises from improper authentication mechanisms in WAGO 750-8XX series devices with FW version <= FW07, enabling unauthorized parameter modifications.
Affected Systems and Versions
- WAGO 750-852
- WAGO 750-880/xxx-xxx
- WAGO 750-881
- WAGO 750-831/xxx-xxx
- WAGO 750-882
- WAGO 750-885/xxx-xxx
- WAGO 750-889
Exploitation Mechanism
Attackers can exploit this vulnerability over the network without requiring any special privileges, potentially leading to unauthorized parameter changes.
Mitigation and Prevention
Protect your systems from CVE-2020-12505 with the following steps:
Immediate Steps to Take
- Upgrade devices to firmware versions above FW07.
Long-Term Security Practices
- Restrict network access to the device.
- Avoid direct internet connections.
- Disable unused TCP/UDP ports.
- Deactivate web-based management ports 80/443 post-configuration.
Patching and Updates
Ensure all devices are updated to the latest standard firmware to mitigate the vulnerability.