ICSA-18-198-02  ·  Published 2018-07-17

WAGO e!DISPLAY Web-Based-Management

CVSS 8.0 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the user, execute code within the user's browser, place malicious files within the filesystem, and replace existing files to allow privilege escalation.

CVEs (1)

Remediations

  • WAGO recommends affected users update to the latest firmware (FW 02). Contact WAGO support for update files and specific instructions.
  • Update the device to the latest firmware.
  • Restrict network access to the device.
  • Do not directly connect the device to the Internet.
  • Restrict the number of users with access to the device to a minimum.
  • Change the default passwords of devices.
  • Do not install software from untrusted sources.
  • Do not open websites or follow links from untrusted sources.
  • WAGO has published a security advisory

Affected Vendors

WAGO

Affected Products (4)

WAGO · WAGO e!DISPLAY 762-3002 FW 01
WAGO · WAGO e!DISPLAY 762-3000 FW 01
WAGO · WAGO e!DISPLAY 762-3001 FW 01
WAGO · WAGO e!DISPLAY 762-3003 FW 01

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy, and Transportation Systems
