CVE-2018-12980
HIGHWago 762-3000 Firmware < 02 - Unrestricted File Upload
Title source: ruleDescription
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by SEC Consult · textwebappsphp
https://www.exploit-db.com/exploits/45014
References (6)
Core 6
Core References
Third Party Advisory x_refsource_misc
https://cert.vde.com/en-us/advisories/vde-2018-010
Exploit, Third Party Advisory x_refsource_misc
https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02
Third Party Advisory x_refsource_confirm
https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/45014/
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jul/38
Scores
CVSS v3
8.8
EPSS
0.2049
EPSS Percentile
95.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (4)
wago/762-3000_firmware
< 02
wago/762-3001_firmware
< 02
wago/762-3002_firmware
< 02
wago/762-3003_firmware
< 02
Published
Jul 12, 2018
Tracked Since
Feb 18, 2026