CVE-2018-12979
MEDIUMWago 762-3000 Firmware < 02 - Incorrect Permission Assignment
Title source: ruleDescription
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by SEC Consult · textwebappsphp
https://www.exploit-db.com/exploits/45014
References (6)
Core 6
Core References
Third Party Advisory x_refsource_misc
https://cert.vde.com/en-us/advisories/vde-2018-010
Exploit, Third Party Advisory x_refsource_misc
https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02
Third Party Advisory x_refsource_confirm
https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/45014/
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jul/38
Scores
CVSS v3
6.5
EPSS
0.0488
EPSS Percentile
89.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-732
Status
published
Products (4)
wago/762-3000_firmware
< 02
wago/762-3001_firmware
< 02
wago/762-3002_firmware
< 02
wago/762-3003_firmware
< 02
Published
Jul 12, 2018
Tracked Since
Feb 18, 2026