CRITICAL🇵🇱 Wersja polska

CVE-2021-34578

CVSS 9.8v3.1pub. 2021-08-31upd. 2024-11-21

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Wago 750 362

    HW
    Wago
    wszystkie wersje
  • Wago 750 362 Firmware

    OS
    Wago
    ≤ fw07
  • Wago 750 363

    HW
    Wago
    wszystkie wersje
  • Wago 750 363 Firmware

    OS
    Wago
    ≤ fw07
  • Wago 750 823

    HW
    Wago
    wszystkie wersje
  • Wago 750 823 Firmware

    OS
    Wago
    ≤ fw07
  • Wago 750 832

    HW
    Wago
    wszystkie wersje
  • Wago 750 832\/000 002

    HW
    Wago
    wszystkie wersje
  • Wago 750 832\/000 002 Firmware

    OS
    Wago
    ≤ fw07
  • Wago 750 832 Firmware

    OS
    Wago
    ≤ fw07
  • Wago 750 862

    HW
    Wago
    wszystkie wersje
  • Wago 750 862 Firmware

    OS
    Wago
    ≤ fw07
  • Wago 750 890\/025 000

    HW
    Wago
    wszystkie wersje
  • Wago 750 890\/025 000 Firmware

    OS
    Wago
    ≤ fw07
  • Wago 750 890\/025 001

    HW
    Wago
    wszystkie wersje
  • Wago 750 890\/025 001 Firmware

    OS
    Wago
    ≤ fw07
  • Wago 750 890\/025 002

    HW
    Wago
    wszystkie wersje
  • Wago 750 890\/025 002 Firmware

    OS
    Wago
    ≤ fw07
  • Wago 750 890\/040 000

    HW
    Wago
    wszystkie wersje
  • Wago 750 890\/040 000 Firmware

    OS
    Wago
    ≤ fw07
  • Wago 750 891

    HW
    Wago
    wszystkie wersje
  • Wago 750 891 Firmware

    OS
    Wago
    ≤ fw07
  • Wago 750 893

    HW
    Wago
    wszystkie wersje
  • Wago 750 893 Firmware

    OS
    Wago
    ≤ fw07
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-34584CRITICAL9.1ten sam produkt

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- s...

CVE-2021-30188CRITICAL9.8ten sam produkt

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.

CVE-2021-30190CRITICAL9.8ten sam produkt

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

CVE-2021-30189CRITICAL9.8ten sam produkt

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.

CVE-2021-30192CRITICAL9.8ten sam produkt

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.