Vulnerability Details: CVE-2019-12549
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.
Products affected by CVE-2019-12549
- cpe:2.3:o:wago:852-303_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:wago:852-1305_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:wago:852-1505_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-12549
- 0.41%: Probability of exploitation activity in the next 30 days
- ~74%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-12549
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-12549
- The product contains hard-coded credentials, such as a password or cryptographic key. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-12549
- https://cert.vde.com/en-us/advisories/vde-2019-013
  WAGO Multiple Vulnerabilities in industrial managed switches — English (USA) (Third Party Advisory)
- https://www.wago.com/us/
  WAGO USA | WAGO Corporation: the backbone of a smart-connected world | WAGO (Vendor Advisory)
- https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02
  WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505 | CISA (Third Party Advisory; US Government Resource)