CVE-2021-34578
WAGO: Authentication Vulnerability in Web-Based Management
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
Esta vulnerabilidad permite a un atacante que tenga acceso al WBM leer y escribir parámetros de configuración del dispositivo mediante el envío de peticiones específicamente construidas sin autenticación en múltiples PLCs de WAGO en versiones del firmware hasta FW07
*Credits:
Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO. CERT@VDE coordinated.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-10 CVE Reserved
- 2021-08-31 CVE Published
- 2024-05-16 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://cert.vde.com/en-us/advisories/vde-2020-044 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wago Search vendor "Wago" | 750-890\/040-000 Firmware Search vendor "Wago" for product "750-890\/040-000 Firmware" | <= fw07 Search vendor "Wago" for product "750-890\/040-000 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-890\/040-000 Search vendor "Wago" for product "750-890\/040-000" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-890\/025-001 Firmware Search vendor "Wago" for product "750-890\/025-001 Firmware" | <= fw07 Search vendor "Wago" for product "750-890\/025-001 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-890\/025-001 Search vendor "Wago" for product "750-890\/025-001" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-890\/025-002 Firmware Search vendor "Wago" for product "750-890\/025-002 Firmware" | <= fw07 Search vendor "Wago" for product "750-890\/025-002 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-890\/025-002 Search vendor "Wago" for product "750-890\/025-002" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-890\/025-000 Firmware Search vendor "Wago" for product "750-890\/025-000 Firmware" | <= fw07 Search vendor "Wago" for product "750-890\/025-000 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-890\/025-000 Search vendor "Wago" for product "750-890\/025-000" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-832\/000-002 Firmware Search vendor "Wago" for product "750-832\/000-002 Firmware" | <= fw07 Search vendor "Wago" for product "750-832\/000-002 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-832\/000-002 Search vendor "Wago" for product "750-832\/000-002" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-362 Firmware Search vendor "Wago" for product "750-362 Firmware" | <= fw07 Search vendor "Wago" for product "750-362 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-362 Search vendor "Wago" for product "750-362" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-823 Firmware Search vendor "Wago" for product "750-823 Firmware" | <= fw07 Search vendor "Wago" for product "750-823 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-823 Search vendor "Wago" for product "750-823" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-832 Firmware Search vendor "Wago" for product "750-832 Firmware" | <= fw07 Search vendor "Wago" for product "750-832 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-832 Search vendor "Wago" for product "750-832" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-363 Firmware Search vendor "Wago" for product "750-363 Firmware" | <= fw07 Search vendor "Wago" for product "750-363 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-363 Search vendor "Wago" for product "750-363" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-862 Firmware Search vendor "Wago" for product "750-862 Firmware" | <= fw07 Search vendor "Wago" for product "750-862 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-862 Search vendor "Wago" for product "750-862" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-891 Firmware Search vendor "Wago" for product "750-891 Firmware" | <= fw07 Search vendor "Wago" for product "750-891 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-891 Search vendor "Wago" for product "750-891" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-893 Firmware Search vendor "Wago" for product "750-893 Firmware" | <= fw07 Search vendor "Wago" for product "750-893 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-893 Search vendor "Wago" for product "750-893" | - | - |
Safe
|