CVE-2020-12522— Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-12522
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10
Source: NVD (National Vulnerability Database)
Vulnerability Description
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
WAGO 多款产品操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WAGO是德国万可(WAGO)的一款750-88x系列可编程逻辑控制器。该设备专门为在工业环境下应用而设计的数字运算操作电子系统。 WAGO 多款产品存在安全漏洞,该漏洞允许攻击者有网络访问设备执行代码拥有精心设计的包,以下产品及版本受到影响:WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Seri
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| WAGO | Series PFC 100 (750-81xx/xxx-xxx) | FW1 ~ FW10 | - | |
| WAGO | Series PFC 200 (750-82xx/xxx-xxx) | FW1 ~ FW10 | - | |
| WAGO | Series Wago Touch Panel 600 Standard Line (762-4xxx) | FW1 ~ FW10 | - | |
| WAGO | Series Wago Touch Panel 600 Advanced Line (762-5xxx) | FW1 ~ FW10 | - | |
| WAGO | Series Wago Touch Panel 600 Marine Line (762-6xxx) | FW1 ~ FW10 | - |
II. Public POCs for CVE-2020-12522
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-12522
请登录查看更多情报信息。
- https://cert.vde.com/en-us/advisories/vde-2020-045x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2020-12522
IV. Related Vulnerabilities
Same vendor: WAGO
Same weakness: CWE-78
- CVE-2026-34234
CtrlPanel: Unauthenticated RCE using installer script - CVE-2026-8603
Improper neutralization of special elements used in an OS co - CVE-2026-27130
Dokploy has Command Injection in its Service Operations - CVE-2026-25244
WebdriverIO has Command Injection in the BrowserStack Servic - CVE-2026-8767
vercel ai PR Branch Name Interpolation prettier-on-automerge
V. Comments for CVE-2020-12522
No comments yet