CVE-2021-21000 – WAGO: PFC200 Denial of Service due to the number of connections to the runtime
https://notcve.org/view.php?id=CVE-2021-21000
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. En dispositivos WAGO PFC200 en diferentes versiones de firmware con paquetes especiales diseñados, un atacante con acceso de red al dispositivo podría causar una denegación de servicio para el servicio de inicio de sesión del tiempo de ejecución • https://cert.vde.com/en-us/advisories/vde-2021-014 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2021-20998 – WAGO: Managed Switches: Unauthorized creation of user accounts
https://notcve.org/view.php?id=CVE-2021-20998
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. En múltiples switches administrados por WAGO en diferentes versiones sin autorización y con paquetes especialmente diseñados es posible crear usuarios • https://cert.vde.com/en-us/advisories/vde-2021-013 • CWE-306: Missing Authentication for Critical Function •
CVE-2021-20997 – WAGO: Managed Switches: Unauthorized access to password hashes
https://notcve.org/view.php?id=CVE-2021-20997
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. En múltiples switches administrados por WAGO en diferentes versiones, es posible leer los hashes de contraseña de todos los usuarios de Administración basada en Web • https://cert.vde.com/en-us/advisories/vde-2021-013 • CWE-522: Insufficiently Protected Credentials •
CVE-2021-20996 – WAGO: Managed Switches: Unsecure Cookie settings
https://notcve.org/view.php?id=CVE-2021-20996
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. En múltiples switches administrados por WAGO en diferentes versiones, las peticiones especiales diseñadas pueden llevar a que las cookies se transfieran a terceros • https://cert.vde.com/en-us/advisories/vde-2021-013 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-20995 – WAGO: Managed Switches: Storage of user credentials in a cookie
https://notcve.org/view.php?id=CVE-2021-20995
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. En múltiples switches administrados por WAGO en diferentes versiones, las cookies del servidor web de la Interfaz de Usuario basada en web contienen credenciales de usuario • https://cert.vde.com/en-us/advisories/vde-2021-013 • CWE-312: Cleartext Storage of Sensitive Information •