VDE-2018-010

Vulnerability from csaf_wagogmbhcokg - Published: 2018-07-10 09:50 - Updated: 2025-05-22 13:03
Summary
WAGO: Multiple vulnerabilities in e!DISPLAY products
Notes
Summary: An unauthenticated user can exploit a vulnerability (CVE-2018-12981) to inject code in the WBM via reflected cross-site scripting (XSS), if able to trick a user into opening a specially crafted web site. This could allow an attacker to execute code in the context of the user and execute arbitrary commands, restricted to the permissions of the user. Authenticated users can use a vulnerability to inject code in the WBM via persistent cross-site scripting (XSS), using specially crafted requests which will be rendered and/or executed in the browser. Authenticated WBM users can transfer arbitrary files to different file system locations (CVE-2018-12980) to which the web server has the required permissions, and in some cases replace existing files due to weak file permissions (CVE-2018-12979), which can result in an authentication bypass.
Impact: This advisory is based upon the report of SEC Consult.

**CVE-2018-12981**
**Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)**
**Severity: 8.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)**
The vulnerability can be exploited by authenticated and unauthenticated users by sending specially crafted requests to the web server, allowing code to be injected into the WBM. The code will be rendered and/or executed in the user's browser.

**CVE-2018-12980**
**Unrestricted Upload of File with Dangerous Type (CWE-434)**
**Severity: 8.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)**
The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.

**CVE-2018-12979**
**Incorrect Permission Assignment for Critical Resource (CWE-732)**
**Severity: 7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)**
Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.
Remediation: Update your device to the latest firmware (FW 02). If this is not feasible, limit access to trusted users and devices. For details on how to obtain the new firmware, please send a request by email to support@wago.com.

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.

CWE-434 - Unrestricted Upload of File with Dangerous Type
Vendor Fix: Update your device to the latest firmware (FW 02). If this is not feasible, limit access to trusted users and devices. For details on how to obtain the new firmware, please send a request by email to support@wago.com.

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending specially crafted requests to the web server, allowing code to be injected into the WBM. The code will be rendered and/or executed in the user's browser.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vendor Fix: Update your device to the latest firmware (FW 02). If this is not feasible, limit access to trusted users and devices. For details on how to obtain the new firmware, please send a request by email to support@wago.com.

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.

CWE-732 - Incorrect Permission Assignment for Critical Resource
Vendor Fix: Update your device to the latest firmware (FW 02). If this is not feasible, limit access to trusted users and devices. For details on how to obtain the new firmware, please send a request by email to support@wago.com.
Acknowledgments
CERT@VDE
SEC-Consult T. Weber
WAGO

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination."
      },
      {
        "names": [
          "T. Weber"
        ],
        "organization": "SEC-Consult",
        "summary": "discovery and coordination."
      },
      {
        "organization": "WAGO",
        "summary": "coordination."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "An unauthenticated user can exploit a vulnerability (CVE-2018-12981) to inject code in the WBM via reflected cross-site scripting (XSS), if he is able trick a user to open a special crafted web site. This could allow an attacker to execute code in the context of the user and execute arbitrary commands with restriction to the permissions of the user. Authenticated users can use a vulnerability to inject code in the WBM via persistent cross-site scripting (XSS) via special crafted requests which will be rendered and/or executed in the browser. Authenticated WBM users can transfer arbitrary files to different file system locations (CVE- 2018-12980) to which the web server has the required permissions and partially allowing replacing existing files due weak file permissions (CVE-2018-12979) which can result in an authentication bypass.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "This advisory is based upon the report of SEC Consult.\n\n**CVE-2018-12981**\n\n**Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE- 79)**\n\n**Severity: 8.0 (CVSS:3.0:AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)**\n\nThe vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user\u0027s browser.\n\n**CVE-2018-12980**\n\n**Unrestricted Upload of File with Dangerous Type (CWE-434)**\n\n**Severity: 8.0 (CVSS:3.0:AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)**\n\nThe vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.\n\n**CVE-2018-12979**\n\n**Incorrect Permission Assignment for Critical Resource (CWE-732)**\n\n**Severity: 7.5 (CVSS:3.0:AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)**\n\nWeak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Update your device to the latest firmware (FW 02). In case this is not feasible limit the access to trusted users and devices.\n\nFor details on how to obtain the new firmware, please send a request by email to support@wago.com.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      },
      {
        "category": "external",
        "summary": "SEC-Consult Advisory - HTML",
        "url": "https://sec-consult.com/vulnerability-lab/advisory/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/"
      },
      {
        "category": "self",
        "summary": "VDE-2018-010: WAGO: Multiple vulnerabilities in e!DISPLAY products - HTML",
        "url": "https://certvde.com/de/advisories/VDE-2018-010/"
      },
      {
        "category": "external",
        "summary": "WAGO Advisory - PDF",
        "url": "https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU"
      },
      {
        "category": "self",
        "summary": "VDE-2018-010: WAGO: Multiple vulnerabilities in e!DISPLAY products - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2018/vde-2018-010.json"
      }
    ],
    "title": "WAGO: Multiple vulnerabilities in e!DISPLAY products",
    "tracking": {
      "aliases": [
        "VDE-2018-010"
      ],
      "current_release_date": "2025-05-22T13:03:10.000Z",
      "generator": {
        "date": "2024-11-11T12:10:40.644Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.14"
        }
      },
      "id": "VDE-2018-010",
      "initial_release_date": "2018-07-10T09:50:00.000Z",
      "revision_history": [
        {
          "date": "2018-07-10T09:50:00.000Z",
          "number": "1",
          "summary": "initial revision"
        },
        {
          "date": "2024-01-16T08:30:00.000Z",
          "number": "2",
          "summary": "added vendor name to title"
        },
        {
          "date": "2025-05-22T13:03:10.000Z",
          "number": "3",
          "summary": "Fix: removed ia, firmware category, version space, distribution, added distribution, quotation mark"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "e!DISPLAY",
                "product": {
                  "name": "WAGO Hardware e!DISPLAY",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "serial_numbers": [
                      "762-3000",
                      "762-3001",
                      "762-3002",
                      "762-3003"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "FW02",
                "product": {
                  "name": "Firmware FW02",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cFW02",
                "product": {
                  "name": "Firmware \u003cFW02",
                  "product_id": "CSAFPID-21002"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW02 installed on WAGO Hardware e!DISPLAY",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003cFW02 installed on WAGO Hardware e!DISPLAY",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12980",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server."
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update your device to the latest firmware (FW 02). In case this is not feasible limit the access to trusted users and devices.\n\nFor details on how to obtain the new firmware, please send a request by email to support@wago.com.",
          "product_ids": [
            "CSAFPID-11001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001"
          ]
        }
      ],
      "title": "CVE-2018-12980"
    },
    {
      "cve": "CVE-2018-12981",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user\u0027s browser."
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update your device to the latest firmware (FW 02). In case this is not feasible limit the access to trusted users and devices.\n\nFor details on how to obtain the new firmware, please send a request by email to support@wago.com.",
          "product_ids": [
            "CSAFPID-11001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001"
          ]
        }
      ],
      "title": "CVE-2018-12981"
    },
    {
      "cve": "CVE-2018-12979",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM."
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update your device to the latest firmware (FW 02). In case this is not feasible limit the access to trusted users and devices.\n\nFor details on how to obtain the new firmware, please send a request by email to support@wago.com.",
          "product_ids": [
            "CSAFPID-11001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001"
          ]
        }
      ],
      "title": "CVE-2018-12979"
    }
  ]
}

