CVE-2020-12516 Explained : Impact and Mitigation
Learn about CVE-2020-12516, a high-severity vulnerability in older firmware versions of WAGO PLC families 750-88x and 750-352, allowing for a denial of service attack. Find mitigation steps and preventive measures here.
Older firmware versions of WAGO PLC families 750-88x and 750-352 are vulnerable to a denial of service attack.
Understanding CVE-2020-12516
This CVE involves vulnerabilities in specific WAGO PLC products that could lead to a denial of service attack.
What is CVE-2020-12516?
Older firmware versions (FW1 up to FW10) of WAGO PLC families 750-88x and 750-352 are susceptible to a special denial of service attack.
The Impact of CVE-2020-12516
- CVSS Base Score: 7.5 (High Severity)
- Attack Vector: Network
- Availability Impact: High
- Attack Complexity: Low
- CWE ID: CWE-400 Uncontrolled Resource Consumption
Technical Details of CVE-2020-12516
This section provides detailed technical information about the vulnerability.
Vulnerability Description
The vulnerability in older firmware versions of WAGO PLC families 750-88x and 750-352 allows for a denial of service attack.
Affected Systems and Versions
- Products affected: 750-331/xxx-xxx, 750-352, 750-829, 750-831/xxx-xxx, 750-852, 750-880/xxx-xxx, 750-881, 750-882, 750-885, 750-889
- Vulnerable versions: FW1<=FW10
Exploitation Mechanism
The vulnerability can be exploited through network access to the affected devices.
Mitigation and Prevention
Protect your systems from CVE-2020-12516 by following these steps:
Immediate Steps to Take
- Update the device to the latest firmware version
- Restrict network access to the device
- Avoid direct connections to the internet
- Disable unused TCP/UDP ports
Long-Term Security Practices
- Regularly update firmware and software
- Implement network segmentation and access controls
- Conduct regular security assessments and audits
Patching and Updates
Ensure that all devices are updated to the latest firmware version to mitigate the vulnerability.