CVE-2021-20995

CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 68.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago 0852-0303 Wago 0852-1305 Wago 0852-1305/000-001 +7 more

Timeline

PublishedMay 13

Latest updateMay 24

Description

In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages10 packages

▶CVEListV5wago/0852-0303unspecified — V1.2.3.S0

▶CVEListV5wago/0852-1305unspecified — V1.1.7.S0

▶CVEListV5wago/0852-1505unspecified — V1.1.6.S0

▶CVEListV5wago/0852-1305/000-001unspecified — V1.0.4.S0

▶CVEListV5wago/0852-1505/000-001unspecified — V1.0.4.S0

🔴Vulnerability Details

GHSA

GHSA-h3wh-323m-4h77: In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials↗2022-05-24

▶

CVEList

WAGO: Managed Switches: Storage of user credentials in a cookie↗2021-05-13

▶