Vulnerability Description
This vulnerability allows an attacker who has access to the WBM (Web-Based Management) to read and write the device's settings parameters by sending specifically constructed requests without authentication. It affects multiple WAGO PLCs running firmware versions up to FW07.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | 750-890/040-000 Firmware | <= fw07 |
| Wago | 750-890/040-000 | - |
| Wago | 750-890/025-001 Firmware | <= fw07 |
| Wago | 750-890/025-001 | - |
| Wago | 750-890/025-002 Firmware | <= fw07 |
| Wago | 750-890/025-002 | - |
| Wago | 750-890/025-000 Firmware | <= fw07 |
| Wago | 750-890/025-000 | - |
| Wago | 750-832/000-002 Firmware | <= fw07 |
| Wago | 750-832/000-002 | - |
| Wago | 750-362 Firmware | <= fw07 |
| Wago | 750-362 | - |
| Wago | 750-823 Firmware | <= fw07 |
| Wago | 750-823 | - |
| Wago | 750-832 Firmware | <= fw07 |
| Wago | 750-832 | - |
| Wago | 750-363 Firmware | <= fw07 |
| Wago | 750-363 | - |
| Wago | 750-862 Firmware | <= fw07 |
| Wago | 750-862 | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en-us/advisories/vde-2020-044 (Third Party Advisory)
FAQ
What is CVE-2021-34578?
CVE-2021-34578 is a vulnerability with a CVSS score of 9.8 (CRITICAL). This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO...
How severe is CVE-2021-34578?
CVE-2021-34578 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-34578?
Check the references section above for vendor advisories and patch information. Affected products include: Wago 750-890/040-000 Firmware, Wago 750-890/040-000, Wago 750-890/025-001 Firmware, Wago 750-890/025-001, Wago 750-890/025-002 Firmware.