Sign-up

ID

VAR-202105-0533


CVE

CVE-2021-20998


TITLE

plural  WAGO  Vulnerability in lack of authentication for critical features in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-006867

DESCRIPTION

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. plural WAGO The product is vulnerable to a lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2021-20998 // JVNDB: JVNDB-2021-006867 // VULMON: CVE-2021-20998

AFFECTED PRODUCTS

vendor:wagomodel:0852-0303scope:lteversion:1.2.3.s0

Trust: 1.0

vendor:wagomodel:0852-1505scope:lteversion:1.1.6.s0

Trust: 1.0

vendor:wagomodel:0852-1305\/000-001scope:lteversion:1.0.4.s0

Trust: 1.0

vendor:wagomodel:0852-1505\/000-001scope:lteversion:1.0.4.s0

Trust: 1.0

vendor:wagomodel:0852-1305scope:lteversion:1.1.7.s0

Trust: 1.0

vendor:ワゴジャパン株式会社model:0852-1505scope: - version: -

Trust: 0.8

vendor:ワゴジャパン株式会社model:0852-1305/000-001scope: - version: -

Trust: 0.8

vendor:ワゴジャパン株式会社model:0852-0303scope: - version: -

Trust: 0.8

vendor:ワゴジャパン株式会社model:0852-1305scope: - version: -

Trust: 0.8

vendor:ワゴジャパン株式会社model:0852-1505/000-001scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006867 // NVD: CVE-2021-20998

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20998
value: CRITICAL

Trust: 1.0

info@cert.vde.com: CVE-2021-20998
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-20998
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202105-829
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-20998
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-20998
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-20998
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

info@cert.vde.com: CVE-2021-20998
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-20998
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-20998 // JVNDB: JVNDB-2021-006867 // CNNVD: CNNVD-202105-829 // NVD: CVE-2021-20998 // NVD: CVE-2021-20998

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:Lack of authentication for important features (CWE-306) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-006867 // NVD: CVE-2021-20998

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-829

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202105-829

PATCH

title:Top Pageurl:https://www.wago.com/us/

Trust: 0.8

title:WAGO Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151442

Trust: 0.6

sources: JVNDB: JVNDB-2021-006867 // CNNVD: CNNVD-202105-829

EXTERNAL IDS

db:NVDid:CVE-2021-20998

Trust: 3.3

db:CERT@VDEid:VDE-2021-013

Trust: 2.5

db:JVNDBid:JVNDB-2021-006867

Trust: 0.8

db:CNNVDid:CNNVD-202105-829

Trust: 0.6

db:VULMONid:CVE-2021-20998

Trust: 0.1

sources: VULMON: CVE-2021-20998 // JVNDB: JVNDB-2021-006867 // CNNVD: CNNVD-202105-829 // NVD: CVE-2021-20998

REFERENCES

url:https://cert.vde.com/en-us/advisories/vde-2021-013

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-20998

Trust: 0.8

url:https://cert.vde.com/en/advisories/vde-2021-013/

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-20998 // JVNDB: JVNDB-2021-006867 // CNNVD: CNNVD-202105-829 // NVD: CVE-2021-20998

SOURCES

db:VULMONid:CVE-2021-20998
db:JVNDBid:JVNDB-2021-006867
db:CNNVDid:CNNVD-202105-829
db:NVDid:CVE-2021-20998

LAST UPDATE DATE

2024-08-14T13:54:04.562000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-20998date:2021-05-20T00:00:00
db:JVNDBid:JVNDB-2021-006867date:2022-01-24T06:24:00
db:CNNVDid:CNNVD-202105-829date:2021-05-21T00:00:00
db:NVDid:CVE-2021-20998date:2021-05-20T20:03:56.123

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-20998date:2021-05-13T00:00:00
db:JVNDBid:JVNDB-2021-006867date:2022-01-24T00:00:00
db:CNNVDid:CNNVD-202105-829date:2021-05-13T00:00:00
db:NVDid:CVE-2021-20998date:2021-05-13T14:15:18.113