VDE-2021-013

Vulnerability from csaf_wagogmbhcokg - Published: 2021-05-05 08:54 - Updated: 2025-05-14 12:28
Summary
WAGO: Multiple Vulnerabilities in the Web-Based Management Interface
Notes
Summary: The Web-Based Management (WBM) of WAGO's industrial managed switches is typically used for administration, commissioning and updates. The reported vulnerabilities allow an attacker with access to the device and the Web-Based Management to install malware, access password hashes and create users with admin credentials.

Mitigation:
- Disable the web server of the device.
- Use the CLI interface of the device.
- Update to the latest firmware.
- Restrict network access to the device.
- Do not directly connect the device to the internet.

Impact: By exploiting the described vulnerabilities, an attacker may be able to manipulate or disrupt the device.

Remediation: The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and most secure way to protect your device from the listed vulnerabilities. Regardless of the action described above, the vulnerabilities are fixed in the following firmware releases:

| **Item Number**     | **FW Version** |
|---------------------|----------------|
| 0852-0303 (HW<3)*   | V1.2.5.S0      |
| 0852-0303 (HW>=3)*  | V1.2.3.S1      |
| 0852-1305           | V1.1.8.S0      |
| 0852-1505           | V1.1.7.S0      |
| 0852-1305/000-001   | V1.1.4.S0      |
| 0852-1505/000-001   | V1.1.4.S0      |

In multiple managed switches by WAGO in different versions, it is possible to create users without authorization by sending specially crafted packets.

CWE-306 - Missing Authentication for Critical Function

In multiple managed switches by WAGO in different versions, the web server cookies of the web-based UI contain user credentials.

CWE-312 - Cleartext Storage of Sensitive Information

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.

CWE-522 - Insufficiently Protected Credentials

In multiple managed switches by WAGO in different versions, an attacker may trick a legitimate user into clicking a link in order to inject potentially malicious code into the Web-Based Management.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

In multiple managed switches by WAGO in different versions, specially crafted requests can lead to cookies being transferred to third parties.

CWE-732 - Incorrect Permission Assignment for Critical Resource
Acknowledgments
- CERT@VDE (certvde.com)
- IKS – Institut für Kooperative Systeme GmbH: Dr. Tobias Augustin, Stephan Tigges
- ABO Wind AG: Kai Gaul, Jan Rübenach

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Dr. Tobias Augustin",
          "Stephan Tigges"
        ],
        "organization": "IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH",
        "summary": "reported"
      },
      {
        "names": [
          "Kai Gaul",
          "Jan R\u00fcbenach"
        ],
        "organization": "ABO Wind AG",
        "summary": "reported"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "The Web-Based Management (WBM) of WAGOs industrial managed switches is typically used for administration, commissioning and updates.\n\nThe reported vulnerabilities allow an attacker with access to the device and the Web-Based Management, to install malware, access to password hashes and create user with admin credentials.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "- Disable the web server of the device.\n- Use the CLI interface of the device.\n- Update to the latest firmware.\n- Restrict network access to the device.\n- Do not directly connect the device to the internet.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "By exploiting the described vulnerabilities, the attacker potentially is able to manipulate or to disrupt the device.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases.\n| **Item Number**       | **FW Version**  |\n|------------------------|-----------------|\n| 0852-0303 (HW\u003c3)*    | V1.2.5.S0      |\n| 0852-0303 (HW\u003e=3)*    | V1.2.3.S1      |\n| 0852-1305             | V1.1.8.S0      |\n| 0852-1505             | V1.1.7.S0      |\n| 0852-1305/000-001     | V1.1.4.S0      |\n| 0852-1505/000-001     | V1.1.4.S0      |",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "WAGO advisory overview at CERT@VDE",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      },
      {
        "category": "self",
        "summary": "VDE-2021-013: WAGO: Multiple Vulnerabilities in the Web-Based Management Interface - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2021-013"
      },
      {
        "category": "self",
        "summary": "VDE-2021-013: WAGO: Multiple Vulnerabilities in the Web-Based Management Interface - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-013.json"
      }
    ],
    "title": "WAGO: Multiple Vulnerabilities in the Web-Based Management Interface",
    "tracking": {
      "aliases": [
        "VDE-2021-013"
      ],
      "current_release_date": "2025-05-14T12:28:19.000Z",
      "generator": {
        "date": "2025-01-27T10:24:13.567Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.17"
        }
      },
      "id": "VDE-2021-013",
      "initial_release_date": "2021-05-05T08:54:00.000Z",
      "revision_history": [
        {
          "date": "2021-06-23T12:16:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-14T12:28:19.000Z",
          "number": "2",
          "summary": "Fix: version space, added distribution"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "0852-1305",
                "product": {
                  "name": "0852-1305",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2688394"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "0852-1305/000-001",
                "product": {
                  "name": "0852-1305/000-001",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2688459"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "0852-1505",
                "product": {
                  "name": "0852-1505",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2702177"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "0852-1505/000-001",
                "product": {
                  "name": "0852-1505/000-001",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2701949"
                    ]
                  }
                }
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "(HW\u003c3)*",
                    "product": {
                      "name": "Hardware 0852-0303 (HW\u003c3)*",
                      "product_id": "CSAFPID-11005"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "(HW\u003e=3)*",
                    "product": {
                      "name": "Hardware 0852-0303 (HW\u003e=3)*",
                      "product_id": "CSAFPID-11006"
                    }
                  }
                ],
                "category": "product_name",
                "name": "0852-0303"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=V1.2.3.S0",
                "product": {
                  "name": "Firmware \u003c=V1.2.3.S0",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=V1.1.7.S0",
                "product": {
                  "name": "Firmware \u003c=V1.1.7.S0",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=V1.0.4.S0",
                "product": {
                  "name": "Firmware \u003c=V1.0.4.S0",
                  "product_id": "CSAFPID-21003"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=V1.1.6.S0",
                "product": {
                  "name": "Firmware \u003c=V1.1.6.S0",
                  "product_id": "CSAFPID-21004"
                }
              },
              {
                "category": "product_version",
                "name": "V1.2.5.S0",
                "product": {
                  "name": "Firmware V1.2.5.S0",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version",
                "name": "V1.2.3.S1",
                "product": {
                  "name": "Firmware V1.2.3.S1",
                  "product_id": "CSAFPID-22002"
                }
              },
              {
                "category": "product_version",
                "name": "V1.1.8.S0",
                "product": {
                  "name": "Firmware V1.1.8.S0",
                  "product_id": "CSAFPID-22003"
                }
              },
              {
                "category": "product_version",
                "name": "V1.1.7.S0",
                "product": {
                  "name": "Firmware V1.1.7.S0",
                  "product_id": "CSAFPID-22004"
                }
              },
              {
                "category": "product_version",
                "name": "V1.1.4.S0",
                "product": {
                  "name": "Firmware V1.1.4.S0",
                  "product_id": "CSAFPID-22005"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "PHOENIX CONTACT"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ],
        "summary": "Affected Products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006"
        ],
        "summary": "Fixed Products"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=V1.2.3.S0 installed on Hardware 0852-0303 (HW\u003c3)*",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=V1.2.3.S0 installed on Hardware 0852-0303 (HW\u003e=3)*",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=V1.1.7.S0 installed on 0852-1305",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=V1.0.4.S0 installed on 0852-1305/000-001",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=V1.1.6.S0 installed on 0852-1505",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=V1.0.4.S0 installed on 0852-1505/000-001",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware V1.2.5.S0 installed on Hardware 0852-0303 (HW\u003c3)*",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware V1.2.3.S1 installed on Hardware 0852-0303 (HW\u003e=3)*",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware V1.1.8.S0 installed on 0852-1305",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware V1.1.8.S0 installed on 0852-1505",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware V1.1.4.S0 installed on 0852-1305/000-001",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22005",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware V1.1.4.S0 installed on 0852-1505/000-001",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22005",
        "relates_to_product_reference": "CSAFPID-11004"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-20998",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "description",
          "text": "In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Disable the web server of the device.\n- Use the CLI interface of the device.\n- Update to the latest firmware.\n- Restrict network access to the device.\n- Do not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases.\n| **Item Number**       | **FW Version**  |\n|------------------------|-----------------|\n| 0852-0303 (HW\u003c3)*    | V1.2.5.S0      |\n| 0852-0303 (HW\u003e=3)*    | V1.2.3.S1      |\n| 0852-1305             | V1.1.8.S0      |\n| 0852-1505             | V1.1.7.S0      |\n| 0852-1305/000-001     | V1.1.4.S0      |\n| 0852-1505/000-001     | V1.1.4.S0      |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "CVE-2021-20998"
    },
    {
      "cve": "CVE-2021-20995",
      "cwe": {
        "id": "CWE-312",
        "name": "Cleartext Storage of Sensitive Information"
      },
      "notes": [
        {
          "category": "description",
          "text": "In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Disable the web server of the device.\n- Use the CLI interface of the device.\n- Update to the latest firmware.\n- Restrict network access to the device.\n- Do not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases.\n| **Item Number**       | **FW Version**  |\n|------------------------|-----------------|\n| 0852-0303 (HW\u003c3)*    | V1.2.5.S0      |\n| 0852-0303 (HW\u003e=3)*    | V1.2.3.S1      |\n| 0852-1305             | V1.1.8.S0      |\n| 0852-1505             | V1.1.7.S0      |\n| 0852-1305/000-001     | V1.1.4.S0      |\n| 0852-1505/000-001     | V1.1.4.S0      |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "CVE-2021-20995"
    },
    {
      "cve": "CVE-2021-20997",
      "cwe": {
        "id": "CWE-522",
        "name": "Insufficiently Protected Credentials"
      },
      "notes": [
        {
          "category": "description",
          "text": "In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Disable the web server of the device.\n- Use the CLI interface of the device.\n- Update to the latest firmware.\n- Restrict network access to the device.\n- Do not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases.\n| **Item Number**       | **FW Version**  |\n|------------------------|-----------------|\n| 0852-0303 (HW\u003c3)*    | V1.2.5.S0      |\n| 0852-0303 (HW\u003e=3)*    | V1.2.3.S1      |\n| 0852-1305             | V1.1.8.S0      |\n| 0852-1505             | V1.1.7.S0      |\n| 0852-1305/000-001     | V1.1.4.S0      |\n| 0852-1505/000-001     | V1.1.4.S0      |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "CVE-2021-20997"
    },
    {
      "cve": "CVE-2021-20994",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Disable the web server of the device.\n- Use the CLI interface of the device.\n- Update to the latest firmware.\n- Restrict network access to the device.\n- Do not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases.\n| **Item Number**       | **FW Version**  |\n|------------------------|-----------------|\n| 0852-0303 (HW\u003c3)*    | V1.2.5.S0      |\n| 0852-0303 (HW\u003e=3)*    | V1.2.3.S1      |\n| 0852-1305             | V1.1.8.S0      |\n| 0852-1505             | V1.1.7.S0      |\n| 0852-1305/000-001     | V1.1.4.S0      |\n| 0852-1505/000-001     | V1.1.4.S0      |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 6.1,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "temporalScore": 6.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "CVE-2021-20994"
    },
    {
      "cve": "CVE-2021-20993",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "description",
          "text": "In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Disable the web server of the device.\n- Use the CLI interface of the device.\n- Update to the latest firmware.\n- Restrict network access to the device.\n- Do not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases.\n| **Item Number**       | **FW Version**  |\n|------------------------|-----------------|\n| 0852-0303 (HW\u003c3)*    | V1.2.5.S0      |\n| 0852-0303 (HW\u003e=3)*    | V1.2.3.S1      |\n| 0852-1305             | V1.1.8.S0      |\n| 0852-1505             | V1.1.7.S0      |\n| 0852-1305/000-001     | V1.1.4.S0      |\n| 0852-1505/000-001     | V1.1.4.S0      |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "CVE-2021-20993"
    },
    {
      "cve": "CVE-2021-20996",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "description",
          "text": "In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Disable the web server of the device.\n- Use the CLI interface of the device.\n- Update to the latest firmware.\n- Restrict network access to the device.\n- Do not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases.\n| **Item Number**       | **FW Version**  |\n|------------------------|-----------------|\n| 0852-0303 (HW\u003c3)*    | V1.2.5.S0      |\n| 0852-0303 (HW\u003e=3)*    | V1.2.3.S1      |\n| 0852-1305             | V1.1.8.S0      |\n| 0852-1505             | V1.1.7.S0      |\n| 0852-1305/000-001     | V1.1.4.S0      |\n| 0852-1505/000-001     | V1.1.4.S0      |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "CVE-2021-20996"
    }
  ]
}

