WAGO: Authentication Vulnerability in Web-Based Management
CVE-2021-34578

9.8CRITICAL

Key Information:

Vendor: Wago
Status: Plc
Vendor: CVE Published:; 31 August 2021

Summary

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.

Affected Version(s)

PLC 750-362

PLC 750-363

PLC 750-823

References

https://cert.vde.com/en-us/advisories/vde-2020-044

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2021
Vulnerability Reserved
Jun 10, 2021

Credit

Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO. CERT@VDE coordinated.