) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:wago:0852-1505_firmware:-:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-20998 |
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. Published: May 13, 2021; 10:15:18 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2021-20997 |
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. Published: May 13, 2021; 10:15:18 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2021-20996 |
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. Published: May 13, 2021; 10:15:18 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2021-20995 |
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. Published: May 13, 2021; 10:15:18 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2021-20994 |
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. Published: May 13, 2021; 10:15:17 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-20993 |
In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. Published: May 13, 2021; 10:15:17 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |