Vulnerability CVE-2018-12979


Published: 2018-07-12

Description:
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.

See advisories in our WLB2 database:
Topic
Author
Date
High
WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution
T. Weber
12.07.2018

 References:
http://seclists.org/fulldisclosure/2018/Jul/38
https://cert.vde.com/en-us/advisories/vde-2018-010
https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/
https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU

Copyright 2018, cxsecurity.com

 

Back to Top