VDE-2020-029

Vulnerability from csaf_wagogmbhcokg - Published: 2020-09-30 11:11 - Updated: 2025-05-14 13:00
Summary
WAGO: XSS vulnerability in Web-UI in WAGO 750-88X and WAGO 750-89X
Notes
Summary: The Web-Based Management (WBM) of WAGO's programmable logic controllers (PLCs) is typically used for administration, commissioning and updates. The SNMP configuration page of the device is vulnerable to a persistent (stored) XSS (Cross-Site Scripting) attack.
Impact: An attacker needs an authenticated login on the device in order to store malicious script through the SNMP configuration page. The script then executes in the browser of any user who later opens that page and can be used to install malicious code and to gain access to confidential information. The authentication requirement applies to planting the payload; the CVSS vector in the advisory (AV:N/AC:L/PR:N/UI:R/S:C) scores the viewing victim, who only has to open the page.
Mitigation:
* Restrict network access to the device.
* Use strong passwords.
* Do not directly connect the device to the internet.
* Disable unused TCP/UDP ports.
Remediation: update devices. Affected are firmware revisions up to and including FW03 on the models fixed in FW05, and up to and including FW13 on the models fixed in FW14 (see the product tree in the CSAF document below).

| Product          | Fixed Versions |
|------------------|----------------|
| 750-362          | FW05           |
| 750-363          | FW05           |
| 750-823          | FW05           |
| 750-832/xxx-xxx  | FW05           |
| 750-862          | FW05           |
| 750-891          | FW05           |
| 750-890/xxx-xxx  | FW05           |
| 750-352          | FW14           |
| 750-831/xxx-xxx  | FW14           |
| 750-852          | FW14           |
| 750-880/xxx-xxx  | FW14           |
| 750-881          | FW14           |
| 750-889          | FW14           |
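The remediation table is the human-readable form of the product tree in the CSAF JSON further down this page. The following Python is an added example, not part of the advisory and not WAGO's or CERT@VDE's tooling: it resolves a CSAF 2.0 product tree the way a consumer has to, because product_status is attached to the installed_on relationship ids, so model and firmware must be joined through the relationships list before a device inventory can be matched. The embedded CSAF_DOC is a constructed, reduced copy of this advisory's structure with two of the thirteen models; the function names, the inventory tuples and the "not_listed" status are this example's own. Revisions the advisory is silent about (FW04 on a 750-89X, or anything newer than the single fixed revision it names) are deliberately reported as not listed rather than guessed.

```python
"""Match a device inventory against the product tree of a CSAF 2.0 advisory.

Added example. CSAF_DOC is a constructed, reduced copy of the structure that
VDE-2020-029 uses (two hardware models, the two firmware ranges, their
installed_on relationships and the product_status lists); it is not the
complete advisory. For real use, fetch the JSON from the CSAF URL in the
references and pass it to classify() unchanged.
"""
import json
import re

CSAF_DOC = json.loads(r'''{
  "product_tree": {
    "branches": [{"category": "vendor", "name": "WAGO GmbH & Co. KG", "branches": [
      {"category": "product_family", "name": "Hardware", "branches": [
        {"category": "product_name", "name": "750-881", "product": {"name": "750-881", "product_id": "CSAFPID-11010"}},
        {"category": "product_name", "name": "750-891", "product": {"name": "750-891", "product_id": "CSAFPID-11013"}}]},
      {"category": "product_family", "name": "Firmware", "branches": [
        {"category": "product_version_range", "name": "<=FW13", "product": {"name": "Firmware <=FW13", "product_id": "CSAFPID-21001"}},
        {"category": "product_version", "name": "FW14", "product": {"name": "Firmware FW14", "product_id": "CSAFPID-22001"}},
        {"category": "product_version_range", "name": "<=FW03", "product": {"name": "Firmware <=FW03", "product_id": "CSAFPID-21002"}},
        {"category": "product_version", "name": "FW05", "product": {"name": "Firmware FW05", "product_id": "CSAFPID-22002"}}]}]}],
    "relationships": [
      {"category": "installed_on", "product_reference": "CSAFPID-21001", "relates_to_product_reference": "CSAFPID-11010",
       "full_product_name": {"name": "Firmware <=FW13 installed on 750-881", "product_id": "CSAFPID-31010"}},
      {"category": "installed_on", "product_reference": "CSAFPID-22001", "relates_to_product_reference": "CSAFPID-11010",
       "full_product_name": {"name": "Firmware FW14 installed on 750-881", "product_id": "CSAFPID-32010"}},
      {"category": "installed_on", "product_reference": "CSAFPID-21002", "relates_to_product_reference": "CSAFPID-11013",
       "full_product_name": {"name": "Firmware <=FW03 installed on 750-891", "product_id": "CSAFPID-31013"}},
      {"category": "installed_on", "product_reference": "CSAFPID-22002", "relates_to_product_reference": "CSAFPID-11013",
       "full_product_name": {"name": "Firmware FW05 installed on 750-891", "product_id": "CSAFPID-32013"}}]},
  "vulnerabilities": [{"cve": "CVE-2018-16210", "product_status": {
    "known_affected": ["CSAFPID-31010", "CSAFPID-31013"], "fixed": ["CSAFPID-32010", "CSAFPID-32013"]}}]
}''')

# Firmware specs in this advisory are a range ("<=FW13") or an exact revision ("FW14").
FW_RE = re.compile(r"^(<=)?FW(\d+)$")


def _leaf_products(branches):
    """Depth-first walk of the branch tree, yielding (category, name, product_id)."""
    for branch in branches:
        if "product" in branch:
            yield branch["category"], branch["name"], branch["product"]["product_id"]
        yield from _leaf_products(branch.get("branches", []))


def build_index(doc):
    """Resolve each installed_on relationship to (model, firmware spec, status).

    CSAF attaches product_status to the relationship ids (CSAFPID-3xxxx here),
    so hardware and firmware leaves must be joined through the relationships.
    """
    leaves = {pid: name for _, name, pid in _leaf_products(doc["product_tree"]["branches"])}
    status = {pid: state for vuln in doc["vulnerabilities"]
              for state, pids in vuln["product_status"].items() for pid in pids}
    index = []
    for rel in doc["product_tree"].get("relationships", []):
        if rel["category"] != "installed_on":
            continue
        fw_spec = leaves[rel["product_reference"]]
        model = leaves[rel["relates_to_product_reference"]]
        rel_id = rel["full_product_name"]["product_id"]
        index.append((model, fw_spec, status.get(rel_id, "not_listed")))
    return index


def _matches(spec, revision):
    """True if firmware revision number falls under spec ("<=FW13" or "FW14")."""
    m = FW_RE.match(spec)
    if not m:
        raise ValueError(f"unsupported firmware spec {spec!r}")
    bound = int(m.group(2))
    return revision <= bound if m.group(1) else revision == bound


def classify(doc, model, firmware):
    """Return 'known_affected', 'fixed' or 'not_listed' for one (model, firmware).

    'not_listed' covers models the advisory does not name and revisions it is
    silent about: FW04 on a 750-891 sits between the affected range <=FW03 and
    the fixed revision FW05, and anything newer than the one fixed revision is
    also unlisted. Those need a check against vendor release notes, not a guess.
    """
    m = FW_RE.match(firmware)
    if not m or m.group(1):
        raise ValueError(f"device firmware must look like 'FW12', got {firmware!r}")
    revision = int(m.group(2))
    for idx_model, spec, state in build_index(doc):
        if idx_model == model and _matches(spec, revision):
            return state
    return "not_listed"


def check_inventory(doc, inventory):
    """Classify (hostname, model, firmware) tuples; returns {hostname: status}."""
    return {host: classify(doc, model, fw) for host, model, fw in inventory}
```

Usage: `check_inventory(CSAF_DOC, [("plc-a", "750-881", "FW12"), ("plc-b", "750-891", "FW04")])` returns `{"plc-a": "known_affected", "plc-b": "not_listed"}`. The firmware string is expected in the `FWnn` form the advisory uses; map your own inventory's version format onto it before calling.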

CVE-2018-16210: WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. The bracketed 13 is the FW revision that the remediation table lists as the last affected firmware for the 750-88X models (<=FW13, fixed in FW14); the 750-89X models are affected up to FW03 and fixed in FW05, as the product tree below records.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
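The CWE-79 weakness, shown concretely as an added example that is not WAGO's firmware code: a server-side template in the style of an .ssi page substitutes the stored SNMP description and contact fields into HTML once without neutralisation and once with context-appropriate escaping. The field names SNMP_DESC and SNMP_LOC_SNMP_CONT are taken from the advisory text; the template, the stored values and the helper functions are constructed for illustration. The input-side DisplayString check is defence in depth only; output encoding at the point where the stored value is emitted is the fix.

```python
"""CWE-79 in a device configuration page: vulnerable and hardened rendering.

Added example. Not WAGO firmware code: the field names SNMP_DESC and
SNMP_LOC_SNMP_CONT are from the advisory text; the stored values, the
template and the helpers below are constructed to show the bug class.
"""
import html
import re

# Constructed: what the device holds after an authenticated user saved the
# SNMP form. Minimal stored-XSS probes, one per HTML context in TEMPLATE.
STORED_CONFIG = {
    "SNMP_DESC": 'Line 1 PLC"><script>alert(1)</script>',       # breaks out of an attribute
    "SNMP_LOC_SNMP_CONT": "Hall 3 <img src=x onerror=alert(2)>",  # injected into element text
}

# Server-side template in the style of an .ssi page: one value lands inside a
# double-quoted attribute, the other inside element text.
TEMPLATE = (
    '<form method="post" action="snmp.ssi">\n'
    '  <input name="SNMP_DESC" value="{SNMP_DESC}">\n'
    '  <span id="contact">{SNMP_LOC_SNMP_CONT}</span>\n'
    "</form>"
)


def render_vulnerable(config):
    """Straight substitution: whatever was stored is emitted as live markup."""
    return TEMPLATE.format(**config)


def render_hardened(config):
    """Output encoding at the point of emission.

    html.escape(quote=True) turns &, <, >, " and ' into entities, which is the
    correct neutralisation for element text and for double-quoted attribute
    values; those are the only two contexts TEMPLATE uses. A value placed in a
    JavaScript or URL context would need that context's encoder instead.
    """
    return TEMPLATE.format(**{k: html.escape(v, quote=True) for k, v in config.items()})


# Defence in depth on the input side. sysDescr, sysLocation and sysContact are
# SNMP DisplayString (RFC 2579): up to 255 octets of NVT ASCII. Rejecting
# anything else narrows the surface but is not a substitute for encoding.
DISPLAY_STRING_RE = re.compile(r"\A[\x20-\x7e\t\r\n]{0,255}\Z")


def valid_display_string(value):
    """True if value fits the DisplayString textual convention."""
    return bool(DISPLAY_STRING_RE.match(value))


def tag_count(page):
    """Number of opening tags in the rendered page. TEMPLATE itself contributes
    three (form, input, span); any extra one came from a stored value."""
    return len(re.findall(r"<[A-Za-z]", page))
```

`tag_count` is the comparison hook: the vulnerable render yields five opening tags because both stored values became markup, the hardened render yields the template's own three and the payloads appear as inert text.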
Acknowledgments

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERTVDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.\nThe SNMP configuration page of the device is vulnerable for a persistent XSS (Cross-Site Scripting) attack.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An attacker needs an authorized login on the device in order to exploit the snmp configuration website with malicious scripts. This can be used to install malicious code and to gain access to confidential information.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "* Restrict network access to the device. \n* Use strong passwords \n* Do not directly connect the device to the internet \n* Disable unused TCP/UDP-ports",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "update devices\n\n| Product          | Fixed Versions |\n|------------------|----------------|\n| 750-362          | FW05        |\n| 750-363          | FW05        |\n| 750-823          | FW05        |\n| 750-832/xxx-xxx  | FW05        |\n| 750-862          | FW05        |\n| 750-891          | FW05        |\n| 750-890/xxx-xxx  | FW05        |\n| 750-352          | FW14        |\n| 750-831/xxx-xxx  | FW14        |\n| 750-852          | FW14        |\n| 750-880/xxx-xxx  | FW14        |\n| 750-881          | FW14        |\n| 750-889          | FW14        |",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "WAGO GmbH \u0026 Co. KG",
        "url": "https://www.wago.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-029: WAGO: XSS vulnerability in Web-UI in WAGO 750-88X and WAGO 750-89X - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2020-029/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-029: WAGO: XSS vulnerability in Web-UI in WAGO 750-88X and WAGO 750-89X - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-029.json"
      }
    ],
    "title": "WAGO: XSS vulnerability in Web-UI in WAGO 750-88X and WAGO 750-89X",
    "tracking": {
      "aliases": [
        "VDE-2020-029"
      ],
      "current_release_date": "2025-05-14T13:00:14.000Z",
      "generator": {
        "date": "2024-10-14T09:17:20.594Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.12"
        }
      },
      "id": "VDE-2020-029",
      "initial_release_date": "2020-09-30T11:11:00.000Z",
      "revision_history": [
        {
          "date": "2020-09-30T11:11:00.000Z",
          "number": "1",
          "summary": "initial revision"
        },
        {
          "date": "2025-04-10T13:00:00.000Z",
          "number": "2",
          "summary": "Fixed csaf reference URL"
        },
        {
          "date": "2025-05-14T13:00:14.000Z",
          "number": "3",
          "summary": "Fix: added distribution"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "750-352",
                "product": {
                  "name": "750-352",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-352"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-362",
                "product": {
                  "name": "750-362",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-362"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-363",
                "product": {
                  "name": "750-363",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-363"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-823",
                "product": {
                  "name": "750-823",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-823"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-831/xxx-xxx",
                "product": {
                  "name": "750-831/xxx-xxx",
                  "product_id": "CSAFPID-11005",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-831/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-832/xxx-xxx",
                "product": {
                  "name": "750-832/xxx-xxx",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-832/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-852",
                "product": {
                  "name": "750-852",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-852"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-862",
                "product": {
                  "name": "750-862",
                  "product_id": "CSAFPID-11008",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-862"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-880/xxx-xxx",
                "product": {
                  "name": "750-880/xxx-xxx",
                  "product_id": "CSAFPID-11009",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-880/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-881",
                "product": {
                  "name": "750-881",
                  "product_id": "CSAFPID-11010",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-881"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-889",
                "product": {
                  "name": "750-889",
                  "product_id": "CSAFPID-11011",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-889"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-890/0xx-xxx",
                "product": {
                  "name": "750-890/0xx-xxx",
                  "product_id": "CSAFPID-11012",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-890/0xx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "750-891",
                "product": {
                  "name": "750-891",
                  "product_id": "CSAFPID-11013",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-891"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=FW13",
                "product": {
                  "name": "Firmware \u003c=FW13",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "FW14",
                "product": {
                  "name": "Firmware FW14",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW03",
                "product": {
                  "name": "Firmware \u003c=FW03",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version",
                "name": "FW05",
                "product": {
                  "name": "Firmware FW05",
                  "product_id": "CSAFPID-22002"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO GmbH \u0026 Co. KG"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013"
        ],
        "summary": "Affected Products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013"
        ],
        "summary": "Fixed Products"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW13 installed on 750-352",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW14 installed on 750-352",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-362",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW05 installed on 750-362",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-363",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW05 installed on 750-363",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-823",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW05 installed on 750-823",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW13 installed on 750-831/xxx-xxx",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW14 installed on 750-831/xxx-xxx",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-832/xxx-xxx",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW05 installed on 750-832/xxx-xxx",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW13 installed on 750-852",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW14 installed on 750-852",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-862",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW05 installed on 750-862",
          "product_id": "CSAFPID-32008"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW13 installed on 750-880/xxx-xxx",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW14 installed on 750-880/xxx-xxx",
          "product_id": "CSAFPID-32009"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW13 installed on 750-881",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW14 installed on 750-881",
          "product_id": "CSAFPID-32010"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW13 installed on 750-889",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW14 installed on 750-889",
          "product_id": "CSAFPID-32011"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-890/0xx-xxx",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW05 installed on 750-890/0xx-xxx",
          "product_id": "CSAFPID-32012"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW03 installed on 750-891",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW05 installed on 750-891",
          "product_id": "CSAFPID-32013"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11013"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-16210",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "* Restrict network access to the device. \n* Use strong passwords \n* Do not directly connect the device to the internet \n* Disable unused TCP/UDP-ports",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "update devices\n\n| Product          | Fixed Versions |\n|------------------|----------------|\n| 750-362          | FW05        |\n| 750-363          | FW05        |\n| 750-823          | FW05        |\n| 750-832/xxx-xxx  | FW05        |\n| 750-862          | FW05        |\n| 750-891          | FW05        |\n| 750-890/xxx-xxx  | FW05        |\n| 750-352          | FW14        |\n| 750-831/xxx-xxx  | FW14        |\n| 750-852          | FW14        |\n| 750-880/xxx-xxx  | FW14        |\n| 750-881          | FW14        |\n| 750-889          | FW14        |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 6.1,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "temporalScore": 6.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013"
          ]
        }
      ],
      "title": "CVE-2018-16210"
    }
  ]
}

