CVE-2021-34578


This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.


Published

2021-08-31T11:15:07.777

Last Modified

2024-11-21T06:10:44.417

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-287

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | wago | 750-890\/040-000_firmware | ≤ fw07 | Yes |
| Hardware | wago | 750-890\/040-000 | - | No |
| Operating System | wago | 750-890\/025-001_firmware | ≤ fw07 | Yes |
| Hardware | wago | 750-890\/025-001 | - | No |
| Operating System | wago | 750-890\/025-002_firmware | ≤ fw07 | Yes |
| Hardware | wago | 750-890\/025-002 | - | No |
| Operating System | wago | 750-890\/025-000_firmware | ≤ fw07 | Yes |
| Hardware | wago | 750-890\/025-000 | - | No |
| Operating System | wago | 750-832\/000-002_firmware | ≤ fw07 | Yes |
| Hardware | wago | 750-832\/000-002 | - | No |
| Operating System | wago | 750-362_firmware | ≤ fw07 | Yes |
| Hardware | wago | 750-362 | - | No |
| Operating System | wago | 750-823_firmware | ≤ fw07 | Yes |
| Hardware | wago | 750-823 | - | No |
| Operating System | wago | 750-832_firmware | ≤ fw07 | Yes |
| Hardware | wago | 750-832 | - | No |
| Operating System | wago | 750-363_firmware | ≤ fw07 | Yes |
| Hardware | wago | 750-363 | - | No |
| Operating System | wago | 750-862_firmware | ≤ fw07 | Yes |
| Hardware | wago | 750-862 | - | No |
| Operating System | wago | 750-891_firmware | ≤ fw07 | Yes |
| Hardware | wago | 750-891 | - | No |
| Operating System | wago | 750-893_firmware | ≤ fw07 | Yes |
| Hardware | wago | 750-893 | - | No |
