CVE-2021-34578: This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed…

high8.1CVSS 3.1

AVNACHPRNUINSUCHIHAH

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
wago	750-362_firmware	<= fw07	—
wago	750-363_firmware	<= fw07	—
wago	750-823_firmware	<= fw07	—
wago	750-832_000-002_firmware	<= fw07	—
wago	750-832_firmware	<= fw07	—
wago	750-862_firmware	<= fw07	—
wago	750-890_025-000_firmware	<= fw07	—
wago	750-890_025-001_firmware	<= fw07	—
wago	750-890_025-002_firmware	<= fw07	—
wago	750-890_040-000_firmware	<= fw07	—
wago	750-891_firmware	<= fw07	—
wago	750-893_firmware	<= fw07	—
wago	plc	750-362 – FW07	—
wago	plc	750-363 – FW07	—
wago	plc	750-823 – FW07	—
wago	plc	750-832/xxx-xxx – FW07	—
wago	plc	750-862 – FW07	—
wago	plc	750-890/xxx-xxx – FW07	—
wago	plc	750-891 – FW07	—
wago	plc	750-893 – FW07	—