Learn about CVE-2020-12522, a critical command injection vulnerability in WAGO PFC100, PFC200, and Touch Panel 600 Series with firmware versions <=FW10. Find out the impact, affected systems, exploitation details, and mitigation steps.
A command injection vulnerability in the I/O-Check service of WAGO PFC100, PFC200, and Touch Panel 600 Series with firmware versions <=FW10 allows attackers to execute code with specially crafted packets.
Understanding CVE-2020-12522
This CVE involves a critical vulnerability in WAGO devices that could lead to code execution.
What is CVE-2020-12522?
The vulnerability lets attackers with network access to the device run malicious code by sending manipulated packets to the affected WAGO product series.
The Impact of CVE-2020-12522
The vulnerability is rated critical, with a CVSS base score of 10. It poses a high risk to confidentiality, integrity, and availability.
Technical Details of CVE-2020-12522
This section provides detailed technical insights into the vulnerability.
Vulnerability Description
The flaw allows threat actors to exploit the I/O-Check service to execute arbitrary commands on affected WAGO devices.
Affected Systems and Versions
Exploitation Mechanism
Attackers can leverage network access to send crafted packets to the devices, triggering the execution of malicious code.
Mitigation and Prevention
Protecting systems from CVE-2020-12522 is crucial to prevent exploitation and maintain security.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
The vulnerability has been addressed in FW11, released in December 2017.
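The following is an added example, not code from WAGO or from the original advisory: it triages a device inventory against the affected range stated above (FW10 and earlier affected, FW11 fixed). The inventory layout, the host names, and the two firmware string formats it parses are assumptions made for illustration.

```python
import csv
import io
import re

# Product families and first fixed release, as stated in the advisory text above.
AFFECTED_FAMILIES = ("PFC100", "PFC200", "Touch Panel 600")
FIRST_FIXED_FW = 11  # FW10 and earlier are affected

# Assumption: firmware is recorded either as "FW10" or as a dotted version
# with the release index in parentheses, e.g. "03.00.39(12)".
_FW_PATTERNS = (re.compile(r"^FW\s*(\d+)$", re.I), re.compile(r"\((\d+)\)\s*$"))

# Constructed sample inventory (host names, models and versions are made up).
SAMPLE_INVENTORY = """\
host,model,firmware
plc-line1,PFC200,FW10
plc-line2,PFC200,03.00.39(12)
hmi-pack3,Touch Panel 600,FW09
plc-lab,PFC100,unknown
gw-office,Other Controller,FW08
"""

def firmware_release(text):
    """Return the FW release number, or None if the string is unparseable."""
    for pattern in _FW_PATTERNS:
        match = pattern.search(text.strip())
        if match:
            return int(match.group(1))
    return None

def triage(inventory_csv):
    """Classify each host as affected, fixed, unknown or out-of-scope."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not any(f.lower() in row["model"].lower() for f in AFFECTED_FAMILIES):
            results[row["host"]] = "out-of-scope"
            continue
        release = firmware_release(row["firmware"])
        if release is None:
            # Unparseable version: flag for manual verification, never as safe.
            results[row["host"]] = "unknown"
        else:
            results[row["host"]] = "affected" if release < FIRST_FIXED_FW else "fixed"
    return results

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts reported as `unknown` should be checked by hand and treated as affected until their firmware release is confirmed.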