CVE-2021-20997

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

7.5HIGH

EPSS

0.3%

top 51.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago 0852-0303 Wago 0852-1305 Wago 0852-1305/000-001 +7 more

Timeline

PublishedMay 13

Latest updateMay 24

Description

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶CVEListV5wago/0852-0303unspecified — V1.2.3.S0

▶CVEListV5wago/0852-1305unspecified — V1.1.7.S0

▶CVEListV5wago/0852-1505unspecified — V1.1.6.S0

▶CVEListV5wago/0852-1305/000-001unspecified — V1.0.4.S0

▶CVEListV5wago/0852-1505/000-001unspecified — V1.0.4.S0

🔴Vulnerability Details

GHSA

GHSA-9w62-6mhp-433w: In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users↗2022-05-24

▶

CVEList

WAGO: Managed Switches: Unauthorized access to password hashes↗2021-05-13

▶