CVE-2021-34578: WAGO: Authentication Vulnerability in Web-Based Management
First published: Tue Aug 31 2021(Updated: )
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WAGO 750-890/040-000 firmware | <=fw07 | |
| WAGO 750-890/040-000 | ||
| WAGO 750-890/025-001 firmware | <=fw07 | |
| WAGO 750-890/025-001 | ||
| WAGO 750-890/025-002 firmware | <=fw07 | |
| WAGO 750-890/025-002 | ||
| WAGO 750-890/025-000 firmware | <=fw07 | |
| WAGO 750-890/025-000 | ||
| WAGO 750-832/000-002 firmware | <=fw07 | |
| WAGO 750-832/000-002 | ||
| WAGO 750-362 firmware | <=fw07 | |
| WAGO 750-362 firmware | ||
| WAGO 750-823 firmware | <=fw07 | |
| WAGO 750-823 firmware | ||
| WAGO 750-832/000-002 firmware | <=fw07 | |
| WAGO 750-xxx series firmware | ||
| WAGO 750-363/040-000 firmware | <=fw07 | |
| WAGO 750-363 firmware | ||
| WAGO 750-862 firmware | <=fw07 | |
| WAGO 750-xxx series firmware | ||
| WAGO 750-891 firmware | <=fw07 | |
| WAGO 750-891 firmware | ||
| WAGO Ethernet Firmware | <=fw07 | |
| WAGO 750-893 firmware |
Remedy
Update the device to the latest FW version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-34578?
The severity of CVE-2021-34578 is critical, with a score of 8.1.
How does CVE-2021-34578 affect WAGO PLCs?
CVE-2021-34578 allows an attacker with access to the WBM to read and write settings-parameters of the device without authentication on multiple WAGO PLCs in firmware versions up to FW07.
Which WAGO PLCs are affected by CVE-2021-34578?
CVE-2021-34578 affects WAGO PLC models 750-890/040-000, 750-890/025-001, 750-890/025-002, 750-890/025-000, 750-832/000-002, 750-362, 750-823, 750-832, 750-363, 750-862, 750-891, and 750-893 in firmware versions up to FW07.
How can CVE-2021-34578 be fixed?
To fix CVE-2021-34578, it is recommended to update the firmware of the affected WAGO PLC models to a version beyond FW07.
Where can I find more information about CVE-2021-34578?
More information about CVE-2021-34578 can be found at the following reference link: https://cert.vde.com/en-us/advisories/vde-2020-044
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/title
- agent/author
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wago
- canonical/wago 750-890/040-000 firmware
- version/wago 750-890/040-000 firmware/fw07
- canonical/wago 750-890/040-000
- canonical/wago 750-890/025-001 firmware
- version/wago 750-890/025-001 firmware/fw07
- canonical/wago 750-890/025-001
- canonical/wago 750-890/025-002 firmware
- version/wago 750-890/025-002 firmware/fw07
- canonical/wago 750-890/025-002
- canonical/wago 750-890/025-000 firmware
- version/wago 750-890/025-000 firmware/fw07
- canonical/wago 750-890/025-000
- canonical/wago 750-832/000-002 firmware
- version/wago 750-832/000-002 firmware/fw07
- canonical/wago 750-832/000-002
- canonical/wago 750-362 firmware
- version/wago 750-362 firmware/fw07
- canonical/wago 750-823 firmware
- version/wago 750-823 firmware/fw07
- canonical/wago 750-xxx series firmware
- canonical/wago 750-363/040-000 firmware
- version/wago 750-363/040-000 firmware/fw07
- canonical/wago 750-363 firmware
- canonical/wago 750-862 firmware
- version/wago 750-862 firmware/fw07
- canonical/wago 750-891 firmware
- version/wago 750-891 firmware/fw07
- canonical/wago ethernet firmware
- version/wago ethernet firmware/fw07
- canonical/wago 750-893 firmware