Details of VAR-202105-0528

ID

VAR-202105-0528

CVE

CVE-2021-20993

TITLE

plural WAGO Information leakage vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2021-006862

DESCRIPTION

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. plural WAGO The product contains a vulnerability related to information leakage.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-20993 // JVNDB: JVNDB-2021-006862 // VULMON: CVE-2021-20993

AFFECTED PRODUCTS

vendor:	wago	model:	0852-0303	scope:	lte	version:	1.2.3.s0	Trust: 1.0
vendor:	wago	model:	0852-1505	scope:	lte	version:	1.1.6.s0	Trust: 1.0
vendor:	wago	model:	0852-1305\/000-001	scope:	lte	version:	1.0.4.s0	Trust: 1.0
vendor:	wago	model:	0852-1505\/000-001	scope:	lte	version:	1.0.4.s0	Trust: 1.0
vendor:	wago	model:	0852-1305	scope:	lte	version:	1.1.7.s0	Trust: 1.0
vendor:	ワゴジャパン株式会社	model:	0852-1505	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	0852-1305/000-001	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	0852-0303	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	0852-1305	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	0852-1505/000-001	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-006862 // NVD: CVE-2021-20993

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20993
value:	MEDIUM
Trust: 1.0
info@cert.vde.com:	CVE-2021-20993
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-20993
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202105-823
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-20993
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-20993
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-20993
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-006862
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-20993 // JVNDB: JVNDB-2021-006862 // CNNVD: CNNVD-202105-823 // NVD: CVE-2021-20993 // NVD: CVE-2021-20993

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-006862 // NVD: CVE-2021-20993

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-823

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202105-823

PATCH

title:	Top Page	url:	https://www.wago.com/us/	Trust: 0.8
title:	WAGO Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151437	Trust: 0.6

sources: JVNDB: JVNDB-2021-006862 // CNNVD: CNNVD-202105-823

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20993	Trust: 3.3
db:	CERT@VDE	id:	VDE-2021-013	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-006862	Trust: 0.8
db:	CNNVD	id:	CNNVD-202105-823	Trust: 0.6
db:	VULMON	id:	CVE-2021-20993	Trust: 0.1

sources: VULMON: CVE-2021-20993 // JVNDB: JVNDB-2021-006862 // CNNVD: CNNVD-202105-823 // NVD: CVE-2021-20993

REFERENCES

url:	https://cert.vde.com/en-us/advisories/vde-2021-013	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20993	Trust: 0.8
url:	https://cert.vde.com/en/advisories/vde-2021-013/	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-20993 // JVNDB: JVNDB-2021-006862 // CNNVD: CNNVD-202105-823 // NVD: CVE-2021-20993

SOURCES

db:	VULMON	id:	CVE-2021-20993
db:	JVNDB	id:	JVNDB-2021-006862
db:	CNNVD	id:	CNNVD-202105-823
db:	NVD	id:	CVE-2021-20993

LAST UPDATE DATE

2024-08-14T13:54:04.430000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-20993	date:	2021-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-006862	date:	2022-01-24T06:24:00
db:	CNNVD	id:	CNNVD-202105-823	date:	2021-05-21T00:00:00
db:	NVD	id:	CVE-2021-20993	date:	2021-05-20T19:47:56.733

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-20993	date:	2021-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-006862	date:	2022-01-24T00:00:00
db:	CNNVD	id:	CNNVD-202105-823	date:	2021-05-13T00:00:00
db:	NVD	id:	CVE-2021-20993	date:	2021-05-13T14:15:17.933