The NCCIC has released an advisory on cross-site scripting, unrestricted upload of file with dangerous type, and incorrect permissions for critical resource vulnerabilities in WAGO e!DISPLAY Web-Based-Management. Versions 762-300, 762-3001, 762-3002, and 762-3003 are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the user, execute code within the user’s browser, place malicious files within the filesystem, and replace existing files to allow privilege escalation. WAGO recommends affected users update to the latest firmware (FW 02). The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.
You are here
Related Resources
Aug 15, 2024 in Cybersecurity, in OT-ICS Security, in Security Preparedness
Aug 15, 2024 in Cybersecurity, in Security Preparedness
Aug 15, 2024 in Cybersecurity, in Security Preparedness