CVE-2021-20996

Summary

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.

Affected Software

VendorProductVersion RangeStatus
WAGO0852-0303unspecified <= V1.2.3.S0affected
WAGO0852-1305unspecified <= V1.1.7.S0affected
WAGO0852-1505unspecified <= V1.1.6.S0affected
WAGO0852-1305/000-001unspecified <= V1.0.4.S0affected
WAGO0852-1505/000-001unspecified <= V1.0.4.S0affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

Workarounds

Disable the web server of the device. Use the CLI interface of the device. Update to the latest firmware. Restrict network access to the device. Do not directly connect the device to the internet.

ADP Enrichment

CVE Program Container

Additional References

References