Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

CVE-2020-12522 : Vulnerability Insights and Analysis

Learn about CVE-2020-12522, a critical command injection vulnerability in WAGO PFC100, PFC200, and Touch Panel 600 Series with firmware versions <=FW10. Find out the impact, affected systems, exploitation details, and mitigation steps.

A command injection vulnerability in the I/O-Check service of WAGO PFC100, PFC200, and Touch Panel 600 Series with firmware versions <=FW10 allows attackers to execute code with specially crafted packets.

Understanding CVE-2020-12522

This CVE involves a critical vulnerability in WAGO devices that could lead to code execution.

What is CVE-2020-12522?

The vulnerability enables attackers with network access to the device to run malicious code through manipulated packets in various WAGO Series products.

The Impact of CVE-2020-12522

The severity of this vulnerability is rated as critical with a CVSS base score of 10. It poses high risks to confidentiality, integrity, and availability.

Technical Details of CVE-2020-12522

This section provides detailed technical insights into the vulnerability.

Vulnerability Description

The flaw allows threat actors to exploit the I/O-Check service to execute arbitrary commands on affected WAGO devices.

Affected Systems and Versions

        Series PFC 100 (750-81xx/xxx-xxx) with FW1
        Series PFC 200 (750-82xx/xxx-xxx) with FW1
        Series Wago Touch Panel 600 Standard Line (762-4xxx) with FW1
        Series Wago Touch Panel 600 Advanced Line (762-5xxx) with FW1
        Series Wago Touch Panel 600 Marine Line (762-6xxx) with FW1

Exploitation Mechanism

Attackers can leverage network access to send crafted packets to the devices, triggering the execution of malicious code.

Mitigation and Prevention

Protecting systems from CVE-2020-12522 is crucial to prevent exploitation and maintain security.

Immediate Steps to Take

        Disable the I/O-Check service after installation
        Restrict network access to the device
        Avoid direct internet connections

Long-Term Security Practices

        Regularly update firmware to version FW11 or later
        Implement network segmentation and access controls

Patching and Updates

The vulnerability has been addressed in FW11, released in December 2017.

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now