CVE-2021-34578

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.

Published: Aug 31, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-34578
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
wago / 750-890/040-000_firmware	-	fw07.x
wago / 750-890/025-001_firmware	-	fw07.x
wago / 750-890/025-002_firmware	-	fw07.x
wago / 750-890/025-000_firmware	-	fw07.x
wago / 750-832/000-002_firmware	-	fw07.x
wago / 750-362_firmware	-	fw07.x
wago / 750-823_firmware	-	fw07.x
wago / 750-832_firmware	-	fw07.x
wago / 750-363_firmware	-	fw07.x
wago / 750-862_firmware	-	fw07.x
wago / 750-891_firmware	-	fw07.x
wago / 750-893_firmware	-	fw07.x

https://cert.vde.com/en-us/advisories/vde-2020-044

Vulnerability Database

289,697

CVE-2021-34578