CVE-2021-20995
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | 0852-0303 | unspecified <= V1.2.3.S0 | affected |
| WAGO | 0852-1305 | unspecified <= V1.1.7.S0 | affected |
| WAGO | 0852-1505 | unspecified <= V1.1.6.S0 | affected |
| WAGO | 0852-1305/000-001 | unspecified <= V1.0.4.S0 | affected |
| WAGO | 0852-1505/000-001 | unspecified <= V1.0.4.S0 | affected |
Weaknesses
- CWE-312: CWE-312 Cleartext Storage of Sensitive Information
Workarounds
Disable the web server of the device. Use the CLI interface of the device. Update to the latest firmware. Restrict network access to the device. Do not directly connect the device to the internet.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.