← Back

CVE-2021-20993

nvd nist
Published: May 13, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

Affected (5)

Wago
5 products
0852 0303 Firmware
0852 1305 Firmware
0852 1505 Firmware
0852 1305/000 001 Firmware
0852 1505/000 001 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
0852 0303 Firmware
Up to 1.2.3.s0
Running on/withPlatform Versions
Wago
0852 0303
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
0852 1305 Firmware
Up to 1.1.7.s0
Running on/withPlatform Versions
Wago
0852 1305
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
0852 1505 Firmware
Up to 1.1.6.s0
Running on/withPlatform Versions
Wago
0852 1505
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
0852 1305/000 001 Firmware
Up to 1.0.4.s0
Running on/withPlatform Versions
Wago
0852 1305/000 001
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
0852 1505/000 001 Firmware
Up to 1.0.4.s0
Running on/withPlatform Versions
Wago
0852 1505/000 001
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

Source: info@cert.vde.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.