CVE-2026-3587
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | Lean Managed Switch 852-1812 | 0.0.0 < V1.2.1.S0 | affected |
| WAGO | Lean Managed Switch 852-1813 | 0.0.0 < V1.2.1.S0 | affected |
| WAGO | Lean Managed Switch 852-1813-000-001 | 0.0.0 < V1.2.3.S0 | affected |
| WAGO | Lean Managed Switch 852-1816 | 0.0.0 < V1.2.1.S0 | affected |
| WAGO | Industrial Managed Switch 852-303 | 0.0.0 < V1.2.8.S0 | affected |
| WAGO | Industrial Managed Switch 852-1305 | 0.0.0 < V1.2.0.S0 | affected |
| WAGO | Industrial Managed Switch 852-1305-000-001 | 0.0.0 < V1.2.0.S0 | affected |
| WAGO | Industrial Managed Switch 852-1505-000-001 | 0.0.0 < V1.2.0.S0 | affected |
| WAGO | Industrial Managed Switch 852-1505 | 0.0.0 < V1.1.9.S0 | affected |
| WAGO | Industrial Managed Switch 852-602 | 0.0.0 < V1.0.6.S0 | affected |
| WAGO | Industrial Managed Switch 852-603 | 0.0.0 < V1.0.6.S0 | affected |
| WAGO | Industrial Managed Switch 852-1605 | 0.0.0 < V1.2.5.S0 | affected |
| WAGO | Lean Managed Switch 852-1812-010-000 | 0.0.0 < V1.2.1.S0 | affected |
| WAGO | Lean Managed Switch 852-1813-010-000 | 0.0.0 < V1.2.1.S0 | affected |
| WAGO | Lean Managed Switch 852-1816-010-000 | 0.0.0 < V1.2.1.S0 | affected |
| WAGO | Lean Managed Switch 852-1813/010-001 | 0.0.0 < V1.2.1.S0 | affected |
Weaknesses
- CWE-912: CWE-912 Hidden Functionality
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.