CVE-2021-20993

CWE-200 — Information Exposure3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 53.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago 0852-0303 Wago 0852-1305 Wago 0852-1305/000-001 +7 more

Timeline

PublishedMay 13

Latest updateMay 24

Description

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages10 packages

▶CVEListV5wago/0852-0303unspecified — V1.2.3.S0

▶CVEListV5wago/0852-1305unspecified — V1.1.7.S0

▶CVEListV5wago/0852-1505unspecified — V1.1.6.S0

▶CVEListV5wago/0852-1305/000-001unspecified — V1.0.4.S0

▶CVEListV5wago/0852-1505/000-001unspecified — V1.0.4.S0

🔴Vulnerability Details

GHSA

GHSA-8xqw-xjxh-7m7j: In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources locate↗2022-05-24

▶

CVEList

WAGO: Managed Switches: Exposure of sensitive information through directory listing↗2021-05-13

▶