CVE-2020-12522

IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN OS COMMAND CWE78
A command injection vulnerability in WAGO I/O-Check service, which allows an attacker with network access to the PFC device to remotely execute code with specially crafted packets.

Read more: Claroty Uncovers RCE Vulnerability in WAGO Controller Firmware

Risk Information

  • CVE ID
  • CVE-2020-12522
  • Vendor
  • WAGO
  • Product
  • PFC100/200
  • CVSS v3
  • 10