CVE-2012-4879

critical

Published 2012-09-07 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.wago.com/wagoweb/documentation/app_note/a1176/a117600e.pdf

References

http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-02.pdf
http://www.wago.com/wagoweb/documentation/app_note/a1176/a117600e.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-02.pdf
http://www.wago.com/wagoweb/documentation/app_note/a1176/a117600e.pdf

CWEs

CWE-255

Verify integrity in audit chain (admin only). AS-IS.