Show filters
8 Total Results
Displaying 1-8 of 8
Sort by:
Attacker Value
Unknown

CVE-2021-20994

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
Attacker Value
Unknown

CVE-2021-20996

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.
Attacker Value
Unknown

CVE-2021-20995

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.
Attacker Value
Unknown

CVE-2021-20997

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.
Attacker Value
Unknown

CVE-2021-20993

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.
Attacker Value
Unknown

CVE-2021-20998

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
Attacker Value
Unknown

CVE-2019-12550

Disclosure Date: June 17, 2019 (last updated November 27, 2024)
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
0
Attacker Value
Unknown

CVE-2019-12549

Disclosure Date: June 17, 2019 (last updated November 27, 2024)
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.
0