ID

VAR-202203-0474


CVE

CVE-2021-46380


TITLE

WAGO Cross-Site Request Forgery Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-20694

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: Reason: This is a duplicate to CVE-2022-22511 Notes.

WAGO is a 750-88x series programmable logic controller from WAGO. The device is an electronic system for digital computation, designed specifically for use in industrial environments. The WAGO 750-8212 PFC200 G2 2ETH RS is affected by a chained Cross-Site Request Forgery (CSRF) and Reflected Cross-Site Scripting (XSS) vulnerability that leads to session hijacking. No further vulnerability details are currently available.

Trust: 1.44

sources: NVD: CVE-2021-46380 // CNVD: CNVD-2022-20694

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-20694

AFFECTED PRODUCTS

vendor: wago, model: -, scope: eq, version: 750-8212

Trust: 0.6

sources: CNVD: CNVD-2022-20694

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2022-20694
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2022-20694
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2022-20694

PATCH

title: Patch for WAGO Cross-Site Request Forgery Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/326636

Trust: 0.6

title: WAGO Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=184817

Trust: 0.6

sources: CNVD: CNVD-2022-20694 // CNNVD: CNNVD-202203-468

EXTERNAL IDS

db: NVD, id: CVE-2021-46380

Trust: 2.2

db: CNVD, id: CNVD-2022-20694

Trust: 0.6

db: CNNVD, id: CNNVD-202203-468

Trust: 0.6

sources: CNVD: CNVD-2022-20694 // CNNVD: CNNVD-202203-468 // NVD: CVE-2021-46380

REFERENCES

url: https://cxsecurity.com/cveshow/cve-2021-46380/

Trust: 0.6

sources: CNVD: CNVD-2022-20694

SOURCES

db: CNVD, id: CNVD-2022-20694
db: CNNVD, id: CNNVD-202203-468
db: NVD, id: CVE-2021-46380

LAST UPDATE DATE

2024-08-14T15:42:33.134000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-20694, date: 2022-03-18T00:00:00
db: CNNVD, id: CNNVD-202203-468, date: 2023-03-31T00:00:00
db: NVD, id: CVE-2021-46380, date: 2023-11-07T03:39:59.583

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-20694, date: 2022-03-18T00:00:00
db: CNNVD, id: CNNVD-202203-468, date: 2022-03-04T00:00:00
db: NVD, id: CVE-2021-46380, date: 2022-03-04T16:15:09.683