CVE-2021-20996 – WAGO: Managed Switches: Unsecure Cookie settings
https://notcve.org/view.php?id=CVE-2021-20996
In multiple managed switches by WAGO in different versions, specially crafted requests can lead to cookies being transferred to third parties. • https://cert.vde.com/en-us/advisories/vde-2021-013 • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2021-20995 – WAGO: Managed Switches: Storage of user credentials in a cookie
https://notcve.org/view.php?id=CVE-2021-20995
In multiple managed switches by WAGO in different versions, the webserver cookies of the web-based UI contain user credentials. • https://cert.vde.com/en-us/advisories/vde-2021-013 • CWE-312: Cleartext Storage of Sensitive Information
CVE-2021-20994 – WAGO: Managed Switches: Reflected Cross-site Scripting
https://notcve.org/view.php?id=CVE-2021-20994
In multiple managed switches by WAGO in different versions, an attacker may trick a legitimate user into clicking a link to inject possibly malicious code into the Web-Based Management. • https://cert.vde.com/en-us/advisories/vde-2021-013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-20993 – WAGO: Managed Switches: Exposure of sensitive information through directory listing
https://notcve.org/view.php?id=CVE-2021-20993
In multiple managed switches by WAGO in different versions, the activated directory listing provides an attacker with the index of the resources located inside the directory. • https://cert.vde.com/en-us/advisories/vde-2021-013 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-12525 – WAGO/M&M Software Deserialization of untrusted data in fdtCONTAINER component
https://notcve.org/view.php?id=CVE-2020-12525
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. • https://cert.vde.com/en-us/advisories/vde-2020-038 • https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05 • CWE-502: Deserialization of Untrusted Data