Lucene search

[email protected]CVE-2021-34578

HistoryAug 31, 2021 - 11:15 a.m.

CVE-2021-34578

2021-08-3111:15:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2021-34578

vulnerability

unauthorized access

wago plcs

settings

parameters

nvd

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.9%

JSON

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.

CPENameOperatorVersion
wago:750-890\/040-000_firmwarewago 750-890\/040-000 firmwarelefw07
wago:750-890\/025-001_firmwarewago 750-890\/025-001 firmwarelefw07
wago:750-890\/025-002_firmwarewago 750-890\/025-002 firmwarelefw07
wago:750-890\/025-000_firmwarewago 750-890\/025-000 firmwarelefw07
wago:750-832\/000-002_firmwarewago 750-832\/000-002 firmwarelefw07
wago:750-362_firmwarewago 750-362 firmwarelefw07
wago:750-823_firmwarewago 750-823 firmwarelefw07
wago:750-832_firmwarewago 750-832 firmwarelefw07
wago:750-363_firmwarewago 750-363 firmwarelefw07
wago:750-862_firmwarewago 750-862 firmwarelefw07

CPE	Name	Operator	Version
wago:750-890\/040-000_firmware	wago 750-890\/040-000 firmware	le	fw07
wago:750-890\/025-001_firmware	wago 750-890\/025-001 firmware	le	fw07
wago:750-890\/025-002_firmware	wago 750-890\/025-002 firmware	le	fw07
wago:750-890\/025-000_firmware	wago 750-890\/025-000 firmware	le	fw07
wago:750-832\/000-002_firmware	wago 750-832\/000-002 firmware	le	fw07
wago:750-362_firmware	wago 750-362 firmware	le	fw07
wago:750-823_firmware	wago 750-823 firmware	le	fw07
wago:750-832_firmware	wago 750-832 firmware	le	fw07
wago:750-363_firmware	wago 750-363 firmware	le	fw07
wago:750-862_firmware	wago 750-862 firmware	le	fw07

Rows per page:

1-10 of 121

References

cert.vde.com/en-us/advisories/vde-2020-044

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.9%

JSON

Related for CVE-2021-34578

cvelist1 prion1 nessus1