9.8

CVE-2021-34578

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.

Data provided by the National Vulnerability Database (NVD)
Wago 750-890/040-000 Firmware Version <= fw07
   Wago 750-890/040-000 Version -
Wago 750-890/025-001 Firmware Version <= fw07
   Wago 750-890/025-001 Version -
Wago 750-890/025-002 Firmware Version <= fw07
   Wago 750-890/025-002 Version -
Wago 750-890/025-000 Firmware Version <= fw07
   Wago 750-890/025-000 Version -
Wago 750-832/000-002 Firmware Version <= fw07
   Wago 750-832/000-002 Version -
Wago 750-362 Firmware Version <= fw07
   Wago 750-362 Version -
Wago 750-823 Firmware Version <= fw07
   Wago 750-823 Version -
Wago 750-832 Firmware Version <= fw07
   Wago 750-832 Version -
Wago 750-363 Firmware Version <= fw07
   Wago 750-363 Version -
Wago 750-862 Firmware Version <= fw07
   Wago 750-862 Version -
Wago 750-891 Firmware Version <= fw07
   Wago 750-891 Version -
Wago 750-893 Firmware Version <= fw07
   Wago 750-893 Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.558 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| info@cert.vde.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.