CVE-2019-12549

CRITICAL

WAGO 852-303 < 1.2.2.s0, 852-1305 < 1.1.6.s0, 852-1505 < 1.1.5.s0 - Use of Hard-coded SSH Private Keys

Description

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.

References (3)

Core References
Vendor Advisory x_refsource_misc
https://www.wago.com/us/
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02
Third Party Advisory x_refsource_misc
https://cert.vde.com/en-us/advisories/vde-2019-013

Scores

CVSS v3 9.8
EPSS 0.0326
EPSS Percentile 86.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (3)
wago/852-1305_firmware < 1.1.6.s0
wago/852-1505_firmware < 1.1.5.s0
wago/852-303_firmware < 1.2.2.s0
Published Jun 17, 2019
Tracked Since Feb 18, 2026