Vulnerability CVE-2018-12980


Published: 2018-07-12

Description:
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.

See advisories in our WLB2 database:
Topic
Author
Date
High
WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution
T. Weber
12.07.2018

 References:
http://seclists.org/fulldisclosure/2018/Jul/38
https://cert.vde.com/en-us/advisories/vde-2018-010
https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/
https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU

Copyright 2018, cxsecurity.com

 

Back to Top