CVE-2021-20995

Summary

In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.

Affected Software

VendorProductVersion RangeStatus
WAGO0852-0303unspecified <= V1.2.3.S0affected
WAGO0852-1305unspecified <= V1.1.7.S0affected
WAGO0852-1505unspecified <= V1.1.6.S0affected
WAGO0852-1305/000-001unspecified <= V1.0.4.S0affected
WAGO0852-1505/000-001unspecified <= V1.0.4.S0affected

Weaknesses

  • CWE-312: CWE-312 Cleartext Storage of Sensitive Information

Workarounds

Disable the web server of the device. Use the CLI interface of the device. Update to the latest firmware. Restrict network access to the device. Do not directly connect the device to the internet.

ADP Enrichment

CVE Program Container

Additional References

References