WAGO Fixes e!DISPLAY Holes

Tuesday, July 17, 2018 @ 03:07 PM gHale

WAGO released new firmware to fix multiple vulnerabilities in its e!DISPLAY Web-Based-Management (WBM), according to a report with NCCIC.

The vulnerabilities, discovered by T. Weber of SEC Consult, include cross-site scripting, unrestricted upload of a file with a dangerous type, and incorrect permissions for a critical resource.

Successful exploitation of these remotely exploitable vulnerabilities, for which public exploits are available, could allow an attacker to execute code in the context of the user, execute code within the user’s browser, place malicious files within the filesystem, and replace existing files to allow privilege escalation.

The following versions of WAGO e!DISPLAY, an HMI, running firmware FW 01 suffer from the issues:
• 762-3000
• 762-3001
• 762-3002
• 762-3003

In one vulnerability, authenticated and unauthenticated users can send specially crafted requests to the web server, which allows code injection within the WBM. The code will be rendered and/or executed within the user’s browser.

CVE-2018-12981 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.0.

In addition, an unrestricted file upload vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.

CVE-2018-12980 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.0.

Also, weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.

CVE-2018-12979 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The products see use mainly in the commercial facilities, critical manufacturing, energy, and transportation systems sectors. They are also deployed on a global basis.

An attacker with low skill level could leverage the vulnerabilities.

Germany-based WAGO recommends affected users update to the latest firmware (FW 02). Contact WAGO support for update files and specific instructions.

WAGO also recommends the following mitigations:
• Update the device to the latest firmware
• Restrict network access to the device
• Do not directly connect the device to the Internet
• Restrict the number of users with access to the device to a minimum
• Change the default passwords of devices
• Do not install software from untrusted sources
• Do not open websites or follow links from untrusted sources

Click here to view WAGO’s security advisory.
