WAGO e!DISPLAY Web-Based-Management (ICSA-18-198-02) – Product Used in the Energy Sector

Created: Tuesday, July 17, 2018 - 15:46
Categories:
Cybersecurity

The NCCIC has released an advisory on cross-site scripting, unrestricted upload of file with dangerous type, and incorrect permissions for critical resource vulnerabilities in WAGO e!DISPLAY Web-Based-Management. Versions 762-300, 762-3001, 762-3002, and 762-3003 are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the user, execute code within the user’s browser, place malicious files within the filesystem, and replace existing files to allow privilege escalation. WAGO recommends affected users update to the latest firmware (FW 02). The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.