First published: Tue Aug 31 2021
This vulnerability allows an attacker who has access to the WBM to read and write settings parameters of the device by sending specifically constructed requests without authentication. It affects multiple WAGO PLCs in firmware versions up to FW07.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
WAGO 750-890/040-000 Firmware | <=fw07 | |
WAGO 750-890/040-000 | | |
WAGO 750-890/025-001 Firmware | <=fw07 | |
WAGO 750-890/025-001 | | |
WAGO 750-890/025-002 Firmware | <=fw07 | |
WAGO 750-890/025-002 | | |
WAGO 750-890/025-000 Firmware | <=fw07 | |
WAGO 750-890/025-000 | | |
WAGO 750-832/000-002 Firmware | <=fw07 | |
WAGO 750-832/000-002 | | |
WAGO 750-362 Firmware | <=fw07 | |
WAGO 750-362 | | |
WAGO 750-823 Firmware | <=fw07 | |
WAGO 750-823 | | |
WAGO 750-832 Firmware | <=fw07 | |
WAGO 750-832 | | |
WAGO 750-363 Firmware | <=fw07 | |
WAGO 750-363 | | |
WAGO 750-862 Firmware | <=fw07 | |
WAGO 750-862 | | |
WAGO 750-891 Firmware | <=fw07 | |
WAGO 750-891 | | |
WAGO 750-893 Firmware | <=fw07 | |
WAGO 750-893 | | |
Update the device to the latest FW version.
The severity of CVE-2021-34578 is critical, with a score of 8.1.
CVE-2021-34578 allows an attacker with access to the WBM to read and write settings-parameters of the device without authentication on multiple WAGO PLCs in firmware versions up to FW07.
CVE-2021-34578 affects WAGO PLC models 750-890/040-000, 750-890/025-001, 750-890/025-002, 750-890/025-000, 750-832/000-002, 750-362, 750-823, 750-832, 750-363, 750-862, 750-891, and 750-893 in firmware versions up to FW07.
To fix CVE-2021-34578, it is recommended to update the firmware of the affected WAGO PLC models to a version beyond FW07.
More information about CVE-2021-34578 can be found at the following reference link: https://cert.vde.com/en-us/advisories/vde-2020-044