Vulnerability Description
WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | 750-362 Firmware | < 05 |
| Wago | 750-362 | - |
| Wago | 750-363 Firmware | < 05 |
| Wago | 750-363 | - |
| Wago | 750-823 Firmware | < 05 |
| Wago | 750-823 | - |
| Wago | 750-832 Firmware | < 05 |
| Wago | 750-832 | - |
| Wago | 750-862 Firmware | < 05 |
| Wago | 750-862 | - |
| Wago | 750-891 Firmware | < 05 |
| Wago | 750-891 | - |
| Wago | 750-890 Firmware | < 05 |
| Wago | 750-890 | - |
| Wago | 750-352 Firmware | < 14 |
| Wago | 750-352 | - |
| Wago | 750-831 Firmware | < 14 |
| Wago | 750-831 | - |
| Wago | 750-852 Firmware | < 14 |
| Wago | 750-852 | - |
Related Weaknesses (CWE)
References
- https://www.exploit-db.com/exploits/45581/Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/45581/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2018-16210?
CVE-2018-16210 is a vulnerability with a CVSS score of 6.1 (MEDIUM). WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
How severe is CVE-2018-16210?
CVE-2018-16210 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-16210?
Check the references section above for vendor advisories and patch information. Affected products include: Wago 750-362 Firmware, Wago 750-362, Wago 750-363 Firmware, Wago 750-363, Wago 750-823 Firmware.