CVE-2021-20997
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | 0852-0303 | unspecified <= V1.2.3.S0 | affected |
| WAGO | 0852-1305 | unspecified <= V1.1.7.S0 | affected |
| WAGO | 0852-1505 | unspecified <= V1.1.6.S0 | affected |
| WAGO | 0852-1305/000-001 | unspecified <= V1.0.4.S0 | affected |
| WAGO | 0852-1505/000-001 | unspecified <= V1.0.4.S0 | affected |
Weaknesses
- CWE-522: CWE-522 Insufficiently Protected Credentials
Workarounds
Disable the web server of the device. Use the CLI interface of the device. Update to the latest firmware. Restrict network access to the device. Do not directly connect the device to the internet.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.