ID

VAR-202108-0988


CVE

CVE-2021-34578


TITLE

Authentication vulnerability in multiple WAGO products

Trust: 0.8

sources: JVNDB: JVNDB-2021-011289

DESCRIPTION

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. Multiple WAGO products contain an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2021-34578 // JVNDB: JVNDB-2021-011289 // VULMON: CVE-2021-34578

AFFECTED PRODUCTS

vendor: wago, model: 750-890/040-000, scope: lte, version: fw07

Trust: 1.0

vendor: wago, model: 750-890/025-000, scope: lte, version: fw07

Trust: 1.0

vendor: wago, model: 750-823, scope: lte, version: fw07

Trust: 1.0

vendor: wago, model: 750-832/000-002, scope: lte, version: fw07

Trust: 1.0

vendor: wago, model: 750-862, scope: lte, version: fw07

Trust: 1.0

vendor: wago, model: 750-362, scope: lte, version: fw07

Trust: 1.0

vendor: wago, model: 750-890/025-001, scope: lte, version: fw07

Trust: 1.0

vendor: wago, model: 750-893, scope: lte, version: fw07

Trust: 1.0

vendor: wago, model: 750-832, scope: lte, version: fw07

Trust: 1.0

vendor: wago, model: 750-363, scope: lte, version: fw07

Trust: 1.0

vendor: wago, model: 750-890/025-002, scope: lte, version: fw07

Trust: 1.0

vendor: wago, model: 750-891, scope: lte, version: fw07

Trust: 1.0

vendor: ワゴジャパン株式会社, model: 750-832/000-002, scope: -, version: -

Trust: 0.8

vendor: ワゴジャパン株式会社, model: 750-862, scope: -, version: -

Trust: 0.8

vendor: ワゴジャパン株式会社, model: 750-362, scope: -, version: -

Trust: 0.8

vendor: ワゴジャパン株式会社, model: 750-890/025-001, scope: -, version: -

Trust: 0.8

vendor: ワゴジャパン株式会社, model: 750-890/040-000, scope: -, version: -

Trust: 0.8

vendor: ワゴジャパン株式会社, model: 750-890/025-002, scope: -, version: -

Trust: 0.8

vendor: ワゴジャパン株式会社, model: 750-832, scope: -, version: -

Trust: 0.8

vendor: ワゴジャパン株式会社, model: 750-823, scope: -, version: -

Trust: 0.8

vendor: ワゴジャパン株式会社, model: 750-890/025-000, scope: -, version: -

Trust: 0.8

vendor: ワゴジャパン株式会社, model: 750-363, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-011289 // NVD: CVE-2021-34578

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34578
value: HIGH

Trust: 1.0

info@cert.vde.com: CVE-2021-34578
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-34578
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202108-2776
value: HIGH

Trust: 0.6

VULMON: CVE-2021-34578
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34578
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-34578
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

info@cert.vde.com: CVE-2021-34578
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-34578
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-34578 // JVNDB: JVNDB-2021-011289 // CNNVD: CNNVD-202108-2776 // NVD: CVE-2021-34578 // NVD: CVE-2021-34578

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-011289 // NVD: CVE-2021-34578

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-2776

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202108-2776

PATCH

title: top page, url: https://www.wago.co.jp/

Trust: 0.8

title: WAGO Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161863

Trust: 0.6

sources: JVNDB: JVNDB-2021-011289 // CNNVD: CNNVD-202108-2776

EXTERNAL IDS

db: NVD, id: CVE-2021-34578

Trust: 3.3

db: CERT@VDE, id: VDE-2020-044

Trust: 2.5

db: JVNDB, id: JVNDB-2021-011289

Trust: 0.8

db: CNNVD, id: CNNVD-202108-2776

Trust: 0.6

db: VULMON, id: CVE-2021-34578

Trust: 0.1

sources: VULMON: CVE-2021-34578 // JVNDB: JVNDB-2021-011289 // CNNVD: CNNVD-202108-2776 // NVD: CVE-2021-34578

REFERENCES

url:https://cert.vde.com/en-us/advisories/vde-2020-044

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-34578

Trust: 1.4

url:https://cert.vde.com/en/advisories/vde-2020-044/

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-34578 // JVNDB: JVNDB-2021-011289 // CNNVD: CNNVD-202108-2776 // NVD: CVE-2021-34578

SOURCES

db: VULMON, id: CVE-2021-34578
db: JVNDB, id: JVNDB-2021-011289
db: CNNVD, id: CNNVD-202108-2776
db: NVD, id: CVE-2021-34578

LAST UPDATE DATE

2024-08-14T15:11:49.351000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-34578, date: 2021-09-08T00:00:00
db: JVNDB, id: JVNDB-2021-011289, date: 2022-07-26T03:25:00
db: CNNVD, id: CNNVD-202108-2776, date: 2021-09-09T00:00:00
db: NVD, id: CVE-2021-34578, date: 2021-09-08T16:02:25.067

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-34578, date: 2021-08-31T00:00:00
db: JVNDB, id: JVNDB-2021-011289, date: 2022-07-26T00:00:00
db: CNNVD, id: CNNVD-202108-2776, date: 2021-08-31T00:00:00
db: NVD, id: CVE-2021-34578, date: 2021-08-31T11:15:07.777