Vulnerability identifier: #VU13849
Vulnerability risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-732
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
WAGO e!DISPLAY 7300T 762-300 (Hardware solutions / Firmware)
WAGO e!DISPLAY 7300T 762-3002 (Hardware solutions / Firmware)
WAGO e!DISPLAY 7300T 762-3001 (Hardware solutions / Firmware)
WAGO e!DISPLAY 7300T 762-3000 (Hardware solutions / Firmware)
Vendor: WAGO
Description
The vulnerability allows a remote authenticated attacker to bypass security restrictions.
The weakness exists due to weak permissions. A remote authenticated attacker can abuse the unrestricted file upload in the WBM (Web-Based Management) interface and overwrite critical files.
Mitigation
Update to version 02.
Vulnerable software versions
WAGO e!DISPLAY 7300T 762-300: 01
WAGO e!DISPLAY 7300T 762-3002: 01
WAGO e!DISPLAY 7300T 762-3001: 01
WAGO e!DISPLAY 7300T 762-3000: 01
External links
http://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3Bk...
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.