This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWago 750 362
HWWagowszystkie wersjeWago 750 362 Firmware
OSWago≤ fw07Wago 750 363
HWWagowszystkie wersjeWago 750 363 Firmware
OSWago≤ fw07Wago 750 823
HWWagowszystkie wersjeWago 750 823 Firmware
OSWago≤ fw07Wago 750 832
HWWagowszystkie wersjeWago 750 832\/000 002
HWWagowszystkie wersjeWago 750 832\/000 002 Firmware
OSWago≤ fw07Wago 750 832 Firmware
OSWago≤ fw07Wago 750 862
HWWagowszystkie wersjeWago 750 862 Firmware
OSWago≤ fw07Wago 750 890\/025 000
HWWagowszystkie wersjeWago 750 890\/025 000 Firmware
OSWago≤ fw07Wago 750 890\/025 001
HWWagowszystkie wersjeWago 750 890\/025 001 Firmware
OSWago≤ fw07Wago 750 890\/025 002
HWWagowszystkie wersjeWago 750 890\/025 002 Firmware
OSWago≤ fw07Wago 750 890\/040 000
HWWagowszystkie wersjeWago 750 890\/040 000 Firmware
OSWago≤ fw07Wago 750 891
HWWagowszystkie wersjeWago 750 891 Firmware
OSWago≤ fw07Wago 750 893
HWWagowszystkie wersjeWago 750 893 Firmware
OSWago≤ fw07
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
Related vulnerabilities
CVE-2021-34584CRITICAL9.1ten sam produkt
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- s...
CVE-2021-30188CRITICAL9.8ten sam produkt
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
CVE-2021-30190CRITICAL9.8ten sam produkt
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
CVE-2021-30189CRITICAL9.8ten sam produkt
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
CVE-2021-30192CRITICAL9.8ten sam produkt
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.