Search criteria
18 vulnerabilities found for 0852-0303 by wago
VAR-202105-0529
Vulnerability from variot - Updated: 2023-12-18 12:35In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. plural WAGO The product contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. WAGO is a 750-88x series programmable logic controller from WAGO. The device is a digital operation electronic system designed specifically for applications in an industrial environment.
WAGO has a cross-site scripting vulnerability. The vulnerability stems from the lack of correct verification of client data in WEB applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0529",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "0852-0303",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.2.3.s0"
},
{
"model": "0852-1305\\/000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.0.4.s0"
},
{
"model": "0852-1305",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.7.s0"
},
{
"model": "0852-1505\\/000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.0.4.s0"
},
{
"model": "0852-1505",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.6.s0"
},
{
"model": "0852-1505",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1305/000-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-0303",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1305",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1505/000-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wago",
"scope": null,
"trust": 0.6,
"vendor": "wago",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34728"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006863"
},
{
"db": "NVD",
"id": "CVE-2021-20994"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-0303_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.3.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-0303:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1305_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.7.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1305:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.6.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1305\\/000-001_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1305\\/000-001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1505\\/000-001_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1505\\/000-001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20994"
}
]
},
"cve": "CVE-2021-20994",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-20994",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-34728",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-20994",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20994",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-20994",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-34728",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-824",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-20994",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34728"
},
{
"db": "VULMON",
"id": "CVE-2021-20994"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006863"
},
{
"db": "NVD",
"id": "CVE-2021-20994"
},
{
"db": "NVD",
"id": "CVE-2021-20994"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-824"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. plural WAGO The product contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. WAGO is a 750-88x series programmable logic controller from WAGO. The device is a digital operation electronic system designed specifically for applications in an industrial environment. \n\r\n\r\nWAGO has a cross-site scripting vulnerability. The vulnerability stems from the lack of correct verification of client data in WEB applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20994"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006863"
},
{
"db": "CNVD",
"id": "CNVD-2021-34728"
},
{
"db": "VULMON",
"id": "CVE-2021-20994"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20994",
"trust": 3.9
},
{
"db": "CERT@VDE",
"id": "VDE-2021-013",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006863",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-34728",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-824",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20994",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34728"
},
{
"db": "VULMON",
"id": "CVE-2021-20994"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006863"
},
{
"db": "NVD",
"id": "CVE-2021-20994"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-824"
}
]
},
"id": "VAR-202105-0529",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34728"
}
],
"trust": 1.05454547
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34728"
}
]
},
"last_update_date": "2023-12-18T12:35:05.221000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "Patch for WAGO Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/265081"
},
{
"title": "WAGO Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151438"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34728"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006863"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-824"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006863"
},
{
"db": "NVD",
"id": "CVE-2021-20994"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20994"
},
{
"trust": 0.8,
"url": "https://cert.vde.com/en/advisories/vde-2021-013/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34728"
},
{
"db": "VULMON",
"id": "CVE-2021-20994"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006863"
},
{
"db": "NVD",
"id": "CVE-2021-20994"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-824"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-34728"
},
{
"db": "VULMON",
"id": "CVE-2021-20994"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006863"
},
{
"db": "NVD",
"id": "CVE-2021-20994"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-824"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-34728"
},
{
"date": "2021-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20994"
},
{
"date": "2022-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006863"
},
{
"date": "2021-05-13T14:15:17.970000",
"db": "NVD",
"id": "CVE-2021-20994"
},
{
"date": "2021-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-824"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-34728"
},
{
"date": "2021-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20994"
},
{
"date": "2022-01-24T06:24:00",
"db": "JVNDB",
"id": "JVNDB-2021-006863"
},
{
"date": "2021-05-20T20:06:30.033000",
"db": "NVD",
"id": "CVE-2021-20994"
},
{
"date": "2021-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-824"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-824"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34728"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-824"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-824"
}
],
"trust": 0.6
}
}
VAR-202105-0531
Vulnerability from variot - Updated: 2023-12-18 12:35In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. plural WAGO The product contains a vulnerability in improper permission assignment for critical resources.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0531",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "0852-0303",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.2.3.s0"
},
{
"model": "0852-1305\\/000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.0.4.s0"
},
{
"model": "0852-1305",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.7.s0"
},
{
"model": "0852-1505\\/000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.0.4.s0"
},
{
"model": "0852-1505",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.6.s0"
},
{
"model": "0852-1505",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1305/000-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-0303",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1305",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1505/000-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006865"
},
{
"db": "NVD",
"id": "CVE-2021-20996"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-0303_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.3.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-0303:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1305_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.7.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1305:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.6.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1305\\/000-001_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1305\\/000-001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1505\\/000-001_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1505\\/000-001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20996"
}
]
},
"cve": "CVE-2021-20996",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-20996",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-006865",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20996",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-20996",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-827",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-20996",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20996"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006865"
},
{
"db": "NVD",
"id": "CVE-2021-20996"
},
{
"db": "NVD",
"id": "CVE-2021-20996"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-827"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. plural WAGO The product contains a vulnerability in improper permission assignment for critical resources.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20996"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006865"
},
{
"db": "VULMON",
"id": "CVE-2021-20996"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20996",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2021-013",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006865",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-827",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20996",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20996"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006865"
},
{
"db": "NVD",
"id": "CVE-2021-20996"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-827"
}
]
},
"id": "VAR-202105-0531",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.45454547000000006
},
"last_update_date": "2023-12-18T12:35:05.170000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151440"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006865"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-827"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "Improper permission assignment for critical resources (CWE-732) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006865"
},
{
"db": "NVD",
"id": "CVE-2021-20996"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20996"
},
{
"trust": 0.8,
"url": "https://cert.vde.com/en/advisories/vde-2021-013/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/732.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20996"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006865"
},
{
"db": "NVD",
"id": "CVE-2021-20996"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-827"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-20996"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006865"
},
{
"db": "NVD",
"id": "CVE-2021-20996"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-827"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20996"
},
{
"date": "2022-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006865"
},
{
"date": "2021-05-13T14:15:18.040000",
"db": "NVD",
"id": "CVE-2021-20996"
},
{
"date": "2021-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-827"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20996"
},
{
"date": "2022-01-24T06:24:00",
"db": "JVNDB",
"id": "JVNDB-2021-006865"
},
{
"date": "2021-05-20T20:05:02.617000",
"db": "NVD",
"id": "CVE-2021-20996"
},
{
"date": "2021-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-827"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-827"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Vulnerability in improper permission assignment for critical resources in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006865"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-827"
}
],
"trust": 0.6
}
}
VAR-202105-0530
Vulnerability from variot - Updated: 2023-12-18 12:35In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. plural WAGO The product contains a vulnerability in the plaintext storage of important information.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0530",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "0852-0303",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.2.3.s0"
},
{
"model": "0852-1305\\/000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.0.4.s0"
},
{
"model": "0852-1305",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.7.s0"
},
{
"model": "0852-1505\\/000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.0.4.s0"
},
{
"model": "0852-1505",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.6.s0"
},
{
"model": "0852-1505",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1305/000-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-0303",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1305",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1505/000-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006864"
},
{
"db": "NVD",
"id": "CVE-2021-20995"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-0303_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.3.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-0303:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1305_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.7.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1305:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.6.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1305\\/000-001_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1305\\/000-001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1505\\/000-001_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1505\\/000-001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20995"
}
]
},
"cve": "CVE-2021-20995",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-20995",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20995",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20995",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-20995",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-826",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-20995",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20995"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006864"
},
{
"db": "NVD",
"id": "CVE-2021-20995"
},
{
"db": "NVD",
"id": "CVE-2021-20995"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-826"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. plural WAGO The product contains a vulnerability in the plaintext storage of important information.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20995"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006864"
},
{
"db": "VULMON",
"id": "CVE-2021-20995"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20995",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2021-013",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006864",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-826",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20995",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20995"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006864"
},
{
"db": "NVD",
"id": "CVE-2021-20995"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-826"
}
]
},
"id": "VAR-202105-0530",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.45454547000000006
},
"last_update_date": "2023-12-18T12:35:05.195000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151439"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006864"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-826"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006864"
},
{
"db": "NVD",
"id": "CVE-2021-20995"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20995"
},
{
"trust": 0.8,
"url": "https://cert.vde.com/en/advisories/vde-2021-013/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/312.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20995"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006864"
},
{
"db": "NVD",
"id": "CVE-2021-20995"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-826"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-20995"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006864"
},
{
"db": "NVD",
"id": "CVE-2021-20995"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-826"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20995"
},
{
"date": "2022-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006864"
},
{
"date": "2021-05-13T14:15:18.007000",
"db": "NVD",
"id": "CVE-2021-20995"
},
{
"date": "2021-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-826"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20995"
},
{
"date": "2022-01-24T06:24:00",
"db": "JVNDB",
"id": "JVNDB-2021-006864"
},
{
"date": "2021-05-20T20:05:53.580000",
"db": "NVD",
"id": "CVE-2021-20995"
},
{
"date": "2021-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-826"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-826"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Vulnerability in plaintext storage of important information in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006864"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-826"
}
],
"trust": 0.6
}
}
VAR-202105-0533
Vulnerability from variot - Updated: 2023-12-18 12:35In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. plural WAGO The product is vulnerable to a lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0533",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "0852-0303",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.2.3.s0"
},
{
"model": "0852-1305\\/000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.0.4.s0"
},
{
"model": "0852-1305",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.7.s0"
},
{
"model": "0852-1505\\/000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.0.4.s0"
},
{
"model": "0852-1505",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.6.s0"
},
{
"model": "0852-1505",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1305/000-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-0303",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1305",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1505/000-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006867"
},
{
"db": "NVD",
"id": "CVE-2021-20998"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-0303_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.3.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-0303:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1305_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.7.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1305:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.6.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1305\\/000-001_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1305\\/000-001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1505\\/000-001_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1505\\/000-001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20998"
}
]
},
"cve": "CVE-2021-20998",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-20998",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20998",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20998",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-20998",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-829",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-20998",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20998"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006867"
},
{
"db": "NVD",
"id": "CVE-2021-20998"
},
{
"db": "NVD",
"id": "CVE-2021-20998"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-829"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. plural WAGO The product is vulnerable to a lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20998"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006867"
},
{
"db": "VULMON",
"id": "CVE-2021-20998"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20998",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2021-013",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006867",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-829",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20998",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20998"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006867"
},
{
"db": "NVD",
"id": "CVE-2021-20998"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-829"
}
]
},
"id": "VAR-202105-0533",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.45454547000000006
},
"last_update_date": "2023-12-18T12:35:05.145000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151442"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006867"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-829"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for important features (CWE-306) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006867"
},
{
"db": "NVD",
"id": "CVE-2021-20998"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20998"
},
{
"trust": 0.8,
"url": "https://cert.vde.com/en/advisories/vde-2021-013/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20998"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006867"
},
{
"db": "NVD",
"id": "CVE-2021-20998"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-829"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-20998"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006867"
},
{
"db": "NVD",
"id": "CVE-2021-20998"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-829"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20998"
},
{
"date": "2022-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006867"
},
{
"date": "2021-05-13T14:15:18.113000",
"db": "NVD",
"id": "CVE-2021-20998"
},
{
"date": "2021-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-829"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20998"
},
{
"date": "2022-01-24T06:24:00",
"db": "JVNDB",
"id": "JVNDB-2021-006867"
},
{
"date": "2021-05-20T20:03:56.123000",
"db": "NVD",
"id": "CVE-2021-20998"
},
{
"date": "2021-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-829"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-829"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Vulnerability in lack of authentication for critical features in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006867"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-829"
}
],
"trust": 0.6
}
}
VAR-202105-0528
Vulnerability from variot - Updated: 2023-12-18 12:35In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. plural WAGO The product contains a vulnerability related to information leakage.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0528",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "0852-0303",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.2.3.s0"
},
{
"model": "0852-1305\\/000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.0.4.s0"
},
{
"model": "0852-1305",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.7.s0"
},
{
"model": "0852-1505\\/000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.0.4.s0"
},
{
"model": "0852-1505",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.6.s0"
},
{
"model": "0852-1505",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1305/000-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-0303",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1305",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1505/000-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006862"
},
{
"db": "NVD",
"id": "CVE-2021-20993"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-0303_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.3.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-0303:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1305_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.7.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1305:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.6.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1305\\/000-001_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1305\\/000-001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1505\\/000-001_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1505\\/000-001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20993"
}
]
},
"cve": "CVE-2021-20993",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-20993",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-006862",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20993",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-20993",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-823",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-20993",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20993"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006862"
},
{
"db": "NVD",
"id": "CVE-2021-20993"
},
{
"db": "NVD",
"id": "CVE-2021-20993"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-823"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. plural WAGO The product contains a vulnerability related to information leakage.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20993"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006862"
},
{
"db": "VULMON",
"id": "CVE-2021-20993"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20993",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2021-013",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006862",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-823",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20993",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20993"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006862"
},
{
"db": "NVD",
"id": "CVE-2021-20993"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-823"
}
]
},
"id": "VAR-202105-0528",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.45454547000000006
},
"last_update_date": "2023-12-18T12:35:01.902000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151437"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006862"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-823"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006862"
},
{
"db": "NVD",
"id": "CVE-2021-20993"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20993"
},
{
"trust": 0.8,
"url": "https://cert.vde.com/en/advisories/vde-2021-013/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20993"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006862"
},
{
"db": "NVD",
"id": "CVE-2021-20993"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-823"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-20993"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006862"
},
{
"db": "NVD",
"id": "CVE-2021-20993"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-823"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20993"
},
{
"date": "2022-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006862"
},
{
"date": "2021-05-13T14:15:17.933000",
"db": "NVD",
"id": "CVE-2021-20993"
},
{
"date": "2021-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-823"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20993"
},
{
"date": "2022-01-24T06:24:00",
"db": "JVNDB",
"id": "JVNDB-2021-006862"
},
{
"date": "2021-05-20T19:47:56.733000",
"db": "NVD",
"id": "CVE-2021-20993"
},
{
"date": "2021-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-823"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-823"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Information leakage vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006862"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-823"
}
],
"trust": 0.6
}
}
VAR-202105-0532
Vulnerability from variot - Updated: 2023-12-18 12:35In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. plural WAGO The product contains a vulnerability related to insufficient protection of credentials.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0532",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "0852-0303",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.2.3.s0"
},
{
"model": "0852-1305\\/000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.0.4.s0"
},
{
"model": "0852-1305",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.7.s0"
},
{
"model": "0852-1505\\/000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.0.4.s0"
},
{
"model": "0852-1505",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "1.1.6.s0"
},
{
"model": "0852-1505",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1305/000-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-0303",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1305",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "0852-1505/000-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006866"
},
{
"db": "NVD",
"id": "CVE-2021-20997"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-0303_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.3.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-0303:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1305_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.7.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1305:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.6.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1305\\/000-001_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1305\\/000-001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wago:0852-1505\\/000-001_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.s0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wago:0852-1505\\/000-001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20997"
}
]
},
"cve": "CVE-2021-20997",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-20997",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-006866",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20997",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-20997",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-828",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-20997",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20997"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006866"
},
{
"db": "NVD",
"id": "CVE-2021-20997"
},
{
"db": "NVD",
"id": "CVE-2021-20997"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-828"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. plural WAGO The product contains a vulnerability related to insufficient protection of credentials.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20997"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006866"
},
{
"db": "VULMON",
"id": "CVE-2021-20997"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20997",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2021-013",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006866",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-828",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20997",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20997"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006866"
},
{
"db": "NVD",
"id": "CVE-2021-20997"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-828"
}
]
},
"id": "VAR-202105-0532",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.45454547000000006
},
"last_update_date": "2023-12-18T12:35:01.879000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151441"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006866"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-828"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "Inadequate protection of credentials (CWE-522) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006866"
},
{
"db": "NVD",
"id": "CVE-2021-20997"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20997"
},
{
"trust": 0.8,
"url": "https://cert.vde.com/en/advisories/vde-2021-013/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20997"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006866"
},
{
"db": "NVD",
"id": "CVE-2021-20997"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-828"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-20997"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006866"
},
{
"db": "NVD",
"id": "CVE-2021-20997"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-828"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20997"
},
{
"date": "2022-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006866"
},
{
"date": "2021-05-13T14:15:18.077000",
"db": "NVD",
"id": "CVE-2021-20997"
},
{
"date": "2021-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-828"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20997"
},
{
"date": "2022-01-24T06:24:00",
"db": "JVNDB",
"id": "JVNDB-2021-006866"
},
{
"date": "2021-05-20T20:04:21.193000",
"db": "NVD",
"id": "CVE-2021-20997"
},
{
"date": "2021-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-828"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-828"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Inadequate protection of credentials in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006866"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-828"
}
],
"trust": 0.6
}
}
CVE-2021-20997 (GCVE-0-2021-20997)
Vulnerability from cvelistv5 – Published: 2021-05-13 13:45 – Updated: 2024-09-16 23:42
VLAI?
Title
WAGO: Managed Switches: Unauthorized access to password hashes
Summary
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.
Severity ?
7.5 (High)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 0852-0303 |
Affected:
unspecified , ≤ V1.2.3.S0
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dr. Tobias Augustin and Stephan Tigges of IKS – Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "0852-0303",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.2.3.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.7.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.6.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"solutions": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Managed Switches: Unauthorized access to password hashes",
"workarounds": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"ID": "CVE-2021-20997",
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Unauthorized access to password hashes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20997",
"datePublished": "2021-05-13T13:45:25.054592Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T23:42:19.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20998 (GCVE-0-2021-20998)
Vulnerability from cvelistv5 – Published: 2021-05-13 13:45 – Updated: 2024-09-17 00:51
VLAI?
Title
WAGO: Managed Switches: Unauthorized creation of user accounts
Summary
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
Severity ?
10 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 0852-0303 |
Affected:
unspecified , ≤ V1.2.3.S0
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dr. Tobias Augustin and Stephan Tigges of IKS – Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "0852-0303",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.2.3.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.7.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.6.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"solutions": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Managed Switches: Unauthorized creation of user accounts",
"workarounds": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"ID": "CVE-2021-20998",
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Unauthorized creation of user accounts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20998",
"datePublished": "2021-05-13T13:45:25.179394Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T00:51:42.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20995 (GCVE-0-2021-20995)
Vulnerability from cvelistv5 – Published: 2021-05-13 13:45 – Updated: 2024-09-17 04:24
VLAI?
Title
WAGO: Managed Switches: Storage of user credentials in a cookie
Summary
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.
Severity ?
5.3 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 0852-0303 |
Affected:
unspecified , ≤ V1.2.3.S0
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dr. Tobias Augustin and Stephan Tigges of IKS – Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "0852-0303",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.2.3.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.7.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.6.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:24",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"solutions": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Managed Switches: Storage of user credentials in a cookie",
"workarounds": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"ID": "CVE-2021-20995",
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Storage of user credentials in a cookie"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312 Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20995",
"datePublished": "2021-05-13T13:45:24.828603Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T04:24:28.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20996 (GCVE-0-2021-20996)
Vulnerability from cvelistv5 – Published: 2021-05-13 13:45 – Updated: 2024-09-16 23:15
VLAI?
Title
WAGO: Managed Switches: Unsecure Cookie settings
Summary
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.
Severity ?
5.3 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 0852-0303 |
Affected:
unspecified , ≤ V1.2.3.S0
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dr. Tobias Augustin and Stephan Tigges of IKS – Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "0852-0303",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.2.3.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.7.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.6.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:24",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"solutions": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Managed Switches: Unsecure Cookie settings",
"workarounds": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"ID": "CVE-2021-20996",
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Unsecure Cookie settings"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20996",
"datePublished": "2021-05-13T13:45:24.938129Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T23:15:25.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20994 (GCVE-0-2021-20994)
Vulnerability from cvelistv5 – Published: 2021-05-13 13:45 – Updated: 2024-09-17 01:16
VLAI?
Title
WAGO: Managed Switches: Reflected Cross-site Scripting
Summary
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
Severity ?
8.8 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 0852-0303 |
Affected:
unspecified , ≤ V1.2.3.S0
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dr. Tobias Augustin and Stephan Tigges of IKS – Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "0852-0303",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.2.3.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.7.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.6.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:24",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"solutions": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Managed Switches: Reflected Cross-site Scripting",
"workarounds": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"ID": "CVE-2021-20994",
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Reflected Cross-site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20994",
"datePublished": "2021-05-13T13:45:24.684398Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T01:16:25.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20993 (GCVE-0-2021-20993)
Vulnerability from cvelistv5 – Published: 2021-05-13 13:45 – Updated: 2024-09-16 22:46
VLAI?
Title
WAGO: Managed Switches: Exposure of sensitive information through directory listing
Summary
In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 0852-0303 |
Affected:
unspecified , ≤ V1.2.3.S0
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dr. Tobias Augustin and Stephan Tigges of IKS – Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "0852-0303",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.2.3.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.7.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.6.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:24",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"solutions": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Managed Switches: Exposure of sensitive information through directory listing",
"workarounds": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"ID": "CVE-2021-20993",
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Exposure of sensitive information through directory listing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20993",
"datePublished": "2021-05-13T13:45:24.560374Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T22:46:34.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20997 (GCVE-0-2021-20997)
Vulnerability from nvd – Published: 2021-05-13 13:45 – Updated: 2024-09-16 23:42
VLAI?
Title
WAGO: Managed Switches: Unauthorized access to password hashes
Summary
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.
Severity ?
7.5 (High)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 0852-0303 |
Affected:
unspecified , ≤ V1.2.3.S0
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dr. Tobias Augustin and Stephan Tigges of IKS – Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "0852-0303",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.2.3.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.7.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.6.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"solutions": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Managed Switches: Unauthorized access to password hashes",
"workarounds": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"ID": "CVE-2021-20997",
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Unauthorized access to password hashes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20997",
"datePublished": "2021-05-13T13:45:25.054592Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T23:42:19.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20998 (GCVE-0-2021-20998)
Vulnerability from nvd – Published: 2021-05-13 13:45 – Updated: 2024-09-17 00:51
VLAI?
Title
WAGO: Managed Switches: Unauthorized creation of user accounts
Summary
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
Severity ?
10 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 0852-0303 |
Affected:
unspecified , ≤ V1.2.3.S0
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dr. Tobias Augustin and Stephan Tigges of IKS – Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "0852-0303",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.2.3.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.7.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.6.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"solutions": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Managed Switches: Unauthorized creation of user accounts",
"workarounds": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"ID": "CVE-2021-20998",
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Unauthorized creation of user accounts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20998",
"datePublished": "2021-05-13T13:45:25.179394Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T00:51:42.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20995 (GCVE-0-2021-20995)
Vulnerability from nvd – Published: 2021-05-13 13:45 – Updated: 2024-09-17 04:24
VLAI?
Title
WAGO: Managed Switches: Storage of user credentials in a cookie
Summary
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.
Severity ?
5.3 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 0852-0303 |
Affected:
unspecified , ≤ V1.2.3.S0
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dr. Tobias Augustin and Stephan Tigges of IKS – Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "0852-0303",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.2.3.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.7.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.6.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:24",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"solutions": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Managed Switches: Storage of user credentials in a cookie",
"workarounds": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"ID": "CVE-2021-20995",
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Storage of user credentials in a cookie"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312 Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20995",
"datePublished": "2021-05-13T13:45:24.828603Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T04:24:28.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20996 (GCVE-0-2021-20996)
Vulnerability from nvd – Published: 2021-05-13 13:45 – Updated: 2024-09-16 23:15
VLAI?
Title
WAGO: Managed Switches: Unsecure Cookie settings
Summary
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.
Severity ?
5.3 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 0852-0303 |
Affected:
unspecified , ≤ V1.2.3.S0
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dr. Tobias Augustin and Stephan Tigges of IKS – Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "0852-0303",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.2.3.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.7.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.6.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:24",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"solutions": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Managed Switches: Unsecure Cookie settings",
"workarounds": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"ID": "CVE-2021-20996",
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Unsecure Cookie settings"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20996",
"datePublished": "2021-05-13T13:45:24.938129Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T23:15:25.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20994 (GCVE-0-2021-20994)
Vulnerability from nvd – Published: 2021-05-13 13:45 – Updated: 2024-09-17 01:16
VLAI?
Title
WAGO: Managed Switches: Reflected Cross-site Scripting
Summary
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
Severity ?
8.8 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 0852-0303 |
Affected:
unspecified , ≤ V1.2.3.S0
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dr. Tobias Augustin and Stephan Tigges of IKS – Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "0852-0303",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.2.3.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.7.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.6.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:24",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"solutions": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Managed Switches: Reflected Cross-site Scripting",
"workarounds": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"ID": "CVE-2021-20994",
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Reflected Cross-site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20994",
"datePublished": "2021-05-13T13:45:24.684398Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T01:16:25.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20993 (GCVE-0-2021-20993)
Vulnerability from nvd – Published: 2021-05-13 13:45 – Updated: 2024-09-16 22:46
VLAI?
Title
WAGO: Managed Switches: Exposure of sensitive information through directory listing
Summary
In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 0852-0303 |
Affected:
unspecified , ≤ V1.2.3.S0
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dr. Tobias Augustin and Stephan Tigges of IKS – Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "0852-0303",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.2.3.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.7.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.1.6.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1305/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "0852-1505/000-001",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "V1.0.4.S0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:24",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
],
"solutions": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Managed Switches: Exposure of sensitive information through directory listing",
"workarounds": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"ID": "CVE-2021-20993",
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Exposure of sensitive information through directory listing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS \u2013 Institut f\u00fcr Kooperative Systeme GmbH, Kai Gaul and Jan R\u00fcbenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "en",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW \u003c 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW \u003e=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20993",
"datePublished": "2021-05-13T13:45:24.560374Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T22:46:34.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}