Vulnerabilities > Wago > 0852 1505 000 001 Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-05-13 CVE-2021-20993 Information Exposure vulnerability in Wago products
In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.
network
low complexity
wago CWE-200
5.3
2021-05-13 CVE-2021-20994 Cross-site Scripting vulnerability in Wago products
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
network
low complexity
wago CWE-79
6.1
2021-05-13 CVE-2021-20995 Cleartext Storage of Sensitive Information vulnerability in Wago products
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.
network
low complexity
wago CWE-312
7.5
2021-05-13 CVE-2021-20996 Incorrect Permission Assignment for Critical Resource vulnerability in Wago products
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.
network
low complexity
wago CWE-732
5.3
2021-05-13 CVE-2021-20997 Insufficiently Protected Credentials vulnerability in Wago products
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.
network
low complexity
wago CWE-522
7.5
2021-05-13 CVE-2021-20998 Missing Authentication for Critical Function vulnerability in Wago products
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
network
low complexity
wago CWE-306
critical
9.8