9
CVE-2020-6090
- EPSS 1.22%
- Veröffentlicht 11.06.2020 14:15:10
- Zuletzt bearbeitet 21.11.2024 05:35:04
- Quelle talos-cna@cisco.com
- CVE-Watchlists
- Unerledigt
LoginAn exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wago ≫ Pfc200 Firmware Version03.03.10(15)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.22% | 0.785 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.