CVE-2021-20996
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | 0852-0303 | unspecified <= V1.2.3.S0 | affected |
| WAGO | 0852-1305 | unspecified <= V1.1.7.S0 | affected |
| WAGO | 0852-1505 | unspecified <= V1.1.6.S0 | affected |
| WAGO | 0852-1305/000-001 | unspecified <= V1.0.4.S0 | affected |
| WAGO | 0852-1505/000-001 | unspecified <= V1.0.4.S0 | affected |
Weaknesses
- CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource
Workarounds
Disable the web server of the device. Use the CLI interface of the device. Update to the latest firmware. Restrict network access to the device. Do not directly connect the device to the internet.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.