CVE-2021-20998
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | 0852-0303 | unspecified <= V1.2.3.S0 | affected |
| WAGO | 0852-1305 | unspecified <= V1.1.7.S0 | affected |
| WAGO | 0852-1505 | unspecified <= V1.1.6.S0 | affected |
| WAGO | 0852-1305/000-001 | unspecified <= V1.0.4.S0 | affected |
| WAGO | 0852-1505/000-001 | unspecified <= V1.0.4.S0 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
Workarounds
Disable the web server of the device. Use the CLI interface of the device. Update to the latest firmware. Restrict network access to the device. Do not directly connect the device to the internet.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.