8.8
CVE-2018-12980
- EPSS 10.28%
- Veröffentlicht 12.07.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:46:11
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wago ≫ 762-3000 Firmware Version < 02
Wago ≫ 762-3001 Firmware Version < 02
Wago ≫ 762-3002 Firmware Version < 02
Wago ≫ 762-3003 Firmware Version < 02
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.28% | 0.928 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.