Vulnerability Description
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
CVSS Score
10.0
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | 0852-0303 Firmware | <= 1.2.3.s0 |
| Wago | 0852-0303 | - |
| Wago | 0852-1305 Firmware | <= 1.1.7.s0 |
| Wago | 0852-1305 | - |
| Wago | 0852-1505 Firmware | <= 1.1.6.s0 |
| Wago | 0852-1505 | - |
| Wago | 0852-1305\/000-001 Firmware | <= 1.0.4.s0 |
| Wago | 0852-1305\/000-001 | - |
| Wago | 0852-1505\/000-001 Firmware | <= 1.0.4.s0 |
| Wago | 0852-1505\/000-001 | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en-us/advisories/vde-2021-013Third Party Advisory
- https://cert.vde.com/en-us/advisories/vde-2021-013Third Party Advisory
FAQ
What is CVE-2021-20998?
CVE-2021-20998 is a vulnerability with a CVSS score of 10.0 (CRITICAL). In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
How severe is CVE-2021-20998?
CVE-2021-20998 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-20998?
Check the references section above for vendor advisories and patch information. Affected products include: Wago 0852-0303 Firmware, Wago 0852-0303, Wago 0852-1305 Firmware, Wago 0852-1305, Wago 0852-1505 Firmware.