8.8

CVE-2018-12980

Exploit

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.

Data is provided by the National Vulnerability Database (NVD)
Wago762-3000 Firmware Version < 02
   Wago762-3000 Version-
Wago762-3001 Firmware Version < 02
   Wago762-3001 Version-
Wago762-3002 Firmware Version < 02
   Wago762-3002 Version-
Wago762-3003 Firmware Version < 02
   Wago762-3003 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 10.28% 0.928
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://seclists.org/fulldisclosure/2018/Jul/38
Third Party Advisory
Exploit
Mailing List
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/45014/
Third Party Advisory
Exploit
VDB Entry