7.5
CVE-2021-20995
- EPSS 0.13%
- Published 13.05.2021 14:15:18
- Last modified 21.11.2024 05:47:21
- Source info@cert.vde.com
- Teams watchlist Login
- Open Login
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.
Data is provided by the National Vulnerability Database (NVD)
Wago ≫ 0852-0303 Firmware Version <= 1.2.3.s0
Wago ≫ 0852-1305 Firmware Version <= 1.1.7.s0
Wago ≫ 0852-1505 Firmware Version <= 1.1.6.s0
Wago ≫ 0852-1305/000-001 Firmware Version <= 1.0.4.s0
Wago ≫ 0852-1505/000-001 Firmware Version <= 1.0.4.s0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.287 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| info@cert.vde.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.