CVE-2021-20993

Summary

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

Affected Software

VendorProductVersion RangeStatus
WAGO0852-0303unspecified <= V1.2.3.S0affected
WAGO0852-1305unspecified <= V1.1.7.S0affected
WAGO0852-1505unspecified <= V1.1.6.S0affected
WAGO0852-1305/000-001unspecified <= V1.0.4.S0affected
WAGO0852-1505/000-001unspecified <= V1.0.4.S0affected

Weaknesses

  • CWE-200: CWE-200 Information Exposure

Workarounds

Disable the web server of the device. Use the CLI interface of the device. Update to the latest firmware. Restrict network access to the device. Do not directly connect the device to the internet.

ADP Enrichment

CVE Program Container

Additional References

References