CVE-2021-34578

WAGO: Authentication Vulnerability in Web-Based Management

  • Severity Score: 8.1 (CVSS v3.1)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.

*Credits: Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO. CERT@VDE coordinated.
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-06-10 CVE Reserved
  • 2021-08-31 CVE Published
  • 2024-05-16 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
References (1)
  • https://cert.vde.com/en-us/advisories/vde-2020-044 (Third Party Advisory)
Affected Vendors, Products, and Versions
Vendor   Product                    Version   Other  Status
Wago     750-890/040-000 Firmware   <= fw07   -      Affected
in Wago  750-890/040-000            -         -      Safe
Wago     750-890/025-001 Firmware   <= fw07   -      Affected
in Wago  750-890/025-001            -         -      Safe
Wago     750-890/025-002 Firmware   <= fw07   -      Affected
in Wago  750-890/025-002            -         -      Safe
Wago     750-890/025-000 Firmware   <= fw07   -      Affected
in Wago  750-890/025-000            -         -      Safe
Wago     750-832/000-002 Firmware   <= fw07   -      Affected
in Wago  750-832/000-002            -         -      Safe
Wago     750-362 Firmware           <= fw07   -      Affected
in Wago  750-362                    -         -      Safe
Wago     750-823 Firmware           <= fw07   -      Affected
in Wago  750-823                    -         -      Safe
Wago     750-832 Firmware           <= fw07   -      Affected
in Wago  750-832                    -         -      Safe
Wago     750-363 Firmware           <= fw07   -      Affected
in Wago  750-363                    -         -      Safe
Wago     750-862 Firmware           <= fw07   -      Affected
in Wago  750-862                    -         -      Safe
Wago     750-891 Firmware           <= fw07   -      Affected
in Wago  750-891                    -         -      Safe
Wago     750-893 Firmware           <= fw07   -      Affected
in Wago  750-893                    -         -      Safe