CVE-2018-12980

HIGH

Wago 762-3000 Firmware < 02 - Unrestricted File Upload

Title source: rule

Description

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.

Exploits (1)

exploitdb WRITEUP VERIFIED

by SEC Consult · textwebappsphp

https://www.exploit-db.com/exploits/45014

View Code ZIP pw:eip

References (6)

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Jul/38

[Third Party Advisory] https://cert.vde.com/en-us/advisories/vde-2018-010

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45014/

[Exploit, Third Party Advisory] https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/

[Third Party Advisory] https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU

Scores

CVSS v3 8.8

EPSS 0.2049

EPSS Percentile 95.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-434

Status published

Affected Products (4)

wago/762-3000_firmware < 02

wago/762-3001_firmware < 02

wago/762-3002_firmware < 02

wago/762-3003_firmware < 02

Timeline

Published Jul 12, 2018

Tracked Since Feb 18, 2026