ID

VAR-201810-1044


CVE

CVE-2018-16210


TITLE

WAGO 750-881 Ethernet Controller Device Cross-Site Scripting Vulnerability

Trust: 1.4

sources: CNVD: CNVD-2018-21245 // JVNDB: JVNDB-2018-011237

DESCRIPTION

WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. The WAGO 750-881 Ethernet Controller device contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The WAGO 750-881 Ethernet Controller is an Ethernet controller device from WAGO, Germany. A remote attacker can use the SNMP_DESC or SNMP_LOC_SNMP_CONT field to inject arbitrary web script or HTML. The vulnerability stems from the lack of correct validation of client data in the web application. An attacker could exploit this vulnerability to execute client-side code.

Trust: 2.25

sources: NVD: CVE-2018-16210 // JVNDB: JVNDB-2018-011237 // CNVD: CNVD-2018-21245 // VULHUB: VHN-126547

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-21245

AFFECTED PRODUCTS

vendor: wago, model: 750-881 ethernet controller devices, scope: eq, version: 01.09.18(13)

Trust: 1.6

vendor: wago, model: 750-881 ethernet controller devices, scope: eq, version: 01.08.01(10)

Trust: 1.6

vendor: wago, model: 750-862, scope: lt, version: 05

Trust: 1.0

vendor: wago, model: 750-891, scope: lt, version: 05

Trust: 1.0

vendor: wago, model: 750-831, scope: lt, version: 14

Trust: 1.0

vendor: wago, model: 750-352, scope: lt, version: 14

Trust: 1.0

vendor: wago, model: 750-363, scope: lt, version: 05

Trust: 1.0

vendor: wago, model: 750-889, scope: lt, version: 14

Trust: 1.0

vendor: wago, model: 750-880, scope: lt, version: 14

Trust: 1.0

vendor: wago, model: 750-823, scope: lt, version: 05

Trust: 1.0

vendor: wago, model: 750-881, scope: lt, version: 14

Trust: 1.0

vendor: wago, model: 750-362, scope: lt, version: 05

Trust: 1.0

vendor: wago, model: 750-852, scope: lt, version: 14

Trust: 1.0

vendor: wago, model: 750-832, scope: lt, version: 05

Trust: 1.0

vendor: wago, model: 750-890, scope: lt, version: 05

Trust: 1.0

vendor: wago, model: 750-881 ethernet controller device, scope: lte, version: 01.09.18(13)

Trust: 0.8

vendor: wago, model: ethernet controller, scope: eq, version: 750-881<=01.09.18(13)

Trust: 0.6

sources: CNVD: CNVD-2018-21245 // JVNDB: JVNDB-2018-011237 // CNNVD: CNNVD-201810-676 // NVD: CVE-2018-16210

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16210
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-16210
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-21245
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-676
value: MEDIUM

Trust: 0.6

VULHUB: VHN-126547
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-16210
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-21245
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-126547
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16210
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2018-16210
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-21245 // VULHUB: VHN-126547 // JVNDB: JVNDB-2018-011237 // CNNVD: CNNVD-201810-676 // NVD: CVE-2018-16210

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-126547 // JVNDB: JVNDB-2018-011237 // NVD: CVE-2018-16210

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-676

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201810-676

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011237

PATCH

title: Top Page, url: http://global.wago.com/jp/

Trust: 0.8

sources: JVNDB: JVNDB-2018-011237

EXTERNAL IDS

db: EXPLOIT-DB, id: 45581

Trust: 3.1

db: NVD, id: CVE-2018-16210

Trust: 3.1

db: JVNDB, id: JVNDB-2018-011237

Trust: 0.8

db: CNNVD, id: CNNVD-201810-676

Trust: 0.7

db: CNVD, id: CNVD-2018-21245

Trust: 0.6

db: VULHUB, id: VHN-126547

Trust: 0.1

sources: CNVD: CNVD-2018-21245 // VULHUB: VHN-126547 // JVNDB: JVNDB-2018-011237 // CNNVD: CNNVD-201810-676 // NVD: CVE-2018-16210

REFERENCES

url: https://www.exploit-db.com/exploits/45581/

Trust: 2.5

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16210

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-16210

Trust: 0.8

url: https://www.exploit-db.com/exploits/45581

Trust: 0.6

sources: CNVD: CNVD-2018-21245 // VULHUB: VHN-126547 // JVNDB: JVNDB-2018-011237 // CNNVD: CNNVD-201810-676 // NVD: CVE-2018-16210

SOURCES

db: CNVD, id: CNVD-2018-21245
db: VULHUB, id: VHN-126547
db: JVNDB, id: JVNDB-2018-011237
db: CNNVD, id: CNNVD-201810-676
db: NVD, id: CVE-2018-16210

LAST UPDATE DATE

2025-06-14T23:05:23.850000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-21245, date: 2018-10-18T00:00:00
db: VULHUB, id: VHN-126547, date: 2019-05-13T00:00:00
db: JVNDB, id: JVNDB-2018-011237, date: 2019-01-09T00:00:00
db: CNNVD, id: CNNVD-201810-676, date: 2019-05-21T00:00:00
db: NVD, id: CVE-2018-16210, date: 2025-06-13T17:56:26.900

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-21245, date: 2018-10-18T00:00:00
db: VULHUB, id: VHN-126547, date: 2018-10-12T00:00:00
db: JVNDB, id: JVNDB-2018-011237, date: 2019-01-09T00:00:00
db: CNNVD, id: CNNVD-201810-676, date: 2018-10-15T00:00:00
db: NVD, id: CVE-2018-16210, date: 2018-10-12T22:15:07.377