CVE-2020-6090

HIGH Year: 2020
CVSS v3 Score
7.2
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-345
View all →

Vulnerability Description

An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Related Vulnerabilities

CVE-2016-2309

HIGH
CVSS:7.2(High)

iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

CWE-3452016

CVE-2020-24045

HIGH
CVSS:7.2(High)

A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The rest...

CWE-3452020

CVE-2022-20829

HIGH
CVSS:7.2(High)

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authentic...

CWE-3452022

CVE-2022-30272

HIGH
CVSS:7.2(High)

The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy C...

CWE-3452022

CVE-2023-31502

HIGH
CVSS:7.2(High)

Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php.

CWE-3452023

CVE-2023-4589

HIGH
CVSS:7.2(High)

Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without pro...

CWE-3452023