VDE-2020-044
Vulnerability from csaf_wagogmbhcokg - Published: 2021-08-31 07:01 - Updated: 2025-05-14 13:00Summary
WAGO: Web-Based Management Authentication Vulnerability in WAGO 750-36X and WAGO 750-8XX
Notes
Summary: The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
With special crafted requests it is possible to read and write some special parameters without authentication.
This vulnerability is different to advisory SAV-2020-014 / VDE-2020-028
Impact: This vulnerability allows an attacker who has access to the WBM and knowledge about the directory structure of the WBM to read and/or write a settings-parameter of the devices by sending specifically constructed requests without authentication.
This can lead to malfunction of the application after reboot.
Mitigation: * Restrict network access to the device.
* Do not directly connect the device to the internet.
* Disable unused TCP/UDP ports.
* Disable web-based management ports 80/443 after the configuration phase
Remediation: Update the device to the latest FW version.
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
8.1 (High)
Mitigation
* Restrict network access to the device.
* Do not directly connect the device to the internet.
* Disable unused TCP/UDP ports.
* Disable web-based management ports 80/443 after the configuration phase
Vendor Fix
Update the device to the latest FW version.
References
| URL | Category | |
|---|---|---|
Acknowledgments
CERTVDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERTVDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.\nWith special crafted requests it is possible to read and write some special parameters without authentication.\nThis vulnerability is different to advisory SAV-2020-014 / VDE-2020-028",
"title": "Summary"
},
{
"category": "description",
"text": "This vulnerability allows an attacker who has access to the WBM and knowledge about the directory structure of the WBM to read and/or write a settings-parameter of the devices by sending specifically constructed requests without authentication.\nThis can lead to malfunction of the application after reboot.",
"title": "Impact"
},
{
"category": "description",
"text": "* Restrict network access to the device. \n * Do not directly connect the device to the internet.\n \n* Disable unused TCP/UDP ports.\n \n* Disable web-based management ports 80/443 after the configuration phase",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update the device to the latest FW version.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "external",
"summary": "WAGO GmbH \u0026 Co. KG",
"url": "https://www.wago.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories",
"url": "https://certvde.com/en/advisories/vendor/wago/"
},
{
"category": "self",
"summary": "VDE-2020-044: WAGO: Web-Based Management Authentication Vulnerability in WAGO 750-36X and WAGO 750-8XX - HTML",
"url": "https://certvde.com/en/advisories/VDE-2020-044/"
},
{
"category": "self",
"summary": "VDE-2020-044: WAGO: Web-Based Management Authentication Vulnerability in WAGO 750-36X and WAGO 750-8XX - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2020-044.json"
}
],
"title": "WAGO: Web-Based Management Authentication Vulnerability in WAGO 750-36X and WAGO 750-8XX",
"tracking": {
"aliases": [
"VDE-2020-044"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2024-09-18T09:38:05.053Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.12"
}
},
"id": "VDE-2020-044",
"initial_release_date": "2021-08-31T07:01:00.000Z",
"revision_history": [
{
"date": "2021-08-31T07:01:00.000Z",
"number": "1",
"summary": "initial revision"
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: correct certvde domain, fixed language setting, added self-reference"
},
{
"date": "2025-02-12T16:48:47.000Z",
"number": "3",
"summary": "Fix: corrected self-reference, fixed version"
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "4",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "750-362",
"product": {
"name": "750-362",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"750-362"
]
}
}
},
{
"category": "product_name",
"name": "750-363",
"product": {
"name": "750-363",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"750-363"
]
}
}
},
{
"category": "product_name",
"name": "750-823",
"product": {
"name": "750-823",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"750-823"
]
}
}
},
{
"category": "product_name",
"name": "750-832/xxx-xxx",
"product": {
"name": "750-832/xxx-xxx",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"750-832/xxx-xxx"
]
}
}
},
{
"category": "product_name",
"name": "750-862",
"product": {
"name": "750-862",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"750-862"
]
}
}
},
{
"category": "product_name",
"name": "750-890/xxx-xxx",
"product": {
"name": "750-890/xxx-xxx",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"750-890/xxx-xxx"
]
}
}
},
{
"category": "product_name",
"name": "750-891",
"product": {
"name": "750-891",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"750-891"
]
}
}
},
{
"category": "product_name",
"name": "750-893",
"product": {
"name": "750-893",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"750-893"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=FW07",
"product": {
"name": "Firmware \u003c=FW07",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "FW08",
"product": {
"name": "Firmware FW08",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "WAGO GmbH \u0026 Co. KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008"
],
"summary": "Affected Products"
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008"
],
"summary": "Fixed Products"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-362",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-362",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-363",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-363",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-823",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-823",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-832/xxx-xxx",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-832/xxx-xxx",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-862",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-862",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-890/xxx-xxx",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-890/xxx-xxx",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-891",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-891",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-893",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-893",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34578",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "description",
"text": "This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008"
]
},
"remediations": [
{
"category": "mitigation",
"details": "* Restrict network access to the device.\n* Do not directly connect the device to the internet.\n* Disable unused TCP/UDP ports.\n* Disable web-based management ports 80/443 after the configuration phase",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update the device to the latest FW version.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008"
]
}
],
"title": "CVE-2021-34578"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…