CVE-2018-12979

MEDIUM

Wago 762-3000 Firmware < 02 - Incorrect Permission Assignment

Title source: rule

Description

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.

Exploits (1)

exploitdb WRITEUP VERIFIED

by SEC Consult · textwebappsphp

https://www.exploit-db.com/exploits/45014

View Code ZIP pw:eip

References (6)

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Jul/38

[Third Party Advisory] https://cert.vde.com/en-us/advisories/vde-2018-010

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45014/

[Exploit, Third Party Advisory] https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/

[Third Party Advisory] https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU

Scores

CVSS v3 6.5

EPSS 0.0488

EPSS Percentile 89.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-732

Status published

Affected Products (4)

wago/762-3000_firmware < 02

wago/762-3001_firmware < 02

wago/762-3002_firmware < 02

wago/762-3003_firmware < 02

Timeline

Published Jul 12, 2018

Tracked Since Feb 18, 2026