Main
Vulnerability Database
Exploits
ID:6185 - Exploit for Incorrect default permissions in WAGO products - CVE-2018-12979
ID:6185 - Exploit for Incorrect default permissions in WAGO products - CVE-2018-12979
Published: June 17, 2021
Vulnerability identifier: #VU13849
Vulnerability risk: Low
CVE-ID: CVE-2018-12979
CWE-ID: CWE-732
Exploitation vector: Remote access
Vulnerable software:
WAGO e!DISPLAY 7300T 762-300
WAGO e!DISPLAY 7300T 762-3002
WAGO e!DISPLAY 7300T 762-3001
WAGO e!DISPLAY 7300T 762-3000
WAGO e!DISPLAY 7300T 762-300
WAGO e!DISPLAY 7300T 762-3002
WAGO e!DISPLAY 7300T 762-3001
WAGO e!DISPLAY 7300T 762-3000
Link to public exploit:
Vulnerability description
The vulnerability allows a remote authenticated attacker to bypass security restrictions.
The weakness exists due to weak permissions. A remote attacker can abuse the unrestricted file upload in the WBM and overwrite critical files.
Remediation
Update to version 02.