Description
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user's browser.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by SEC Consult · textwebappsphp
https://www.exploit-db.com/exploits/45014
References (6)
Core 6
Core References
Third Party Advisory x_refsource_misc
https://cert.vde.com/en-us/advisories/vde-2018-010
Exploit, Third Party Advisory x_refsource_misc
https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02
Third Party Advisory x_refsource_confirm
https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/45014/
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jul/38
Scores
CVSS v3
5.4
EPSS
0.0215
EPSS Percentile
84.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (4)
wago/762-3000_firmware
< 02
wago/762-3001_firmware
< 02
wago/762-3002_firmware
< 02
wago/762-3003_firmware
< 02
Published
Jul 12, 2018
Tracked Since
Feb 18, 2026