6.5

CVE-2018-12979

Exploit

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wago762-3000 Firmware Version < 02
   Wago762-3000 Version-
Wago762-3001 Firmware Version < 02
   Wago762-3001 Version-
Wago762-3002 Firmware Version < 02
   Wago762-3002 Version-
Wago762-3003 Firmware Version < 02
   Wago762-3003 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.77% 0.915
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://seclists.org/fulldisclosure/2018/Jul/38
Third Party Advisory
Exploit
Mailing List
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/45014/
Third Party Advisory
Exploit
VDB Entry