admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/20xxx/CVE-2021-20997.json

153 lines
6.2 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2020-12-17 22:03:03 +00:00
{
"CVE_data_meta": {
updated CVE-2020-12526, CVE-2021-20986, CVE-2021-20987, CVE-2021-20988, CVE-2021-20993, CVE-2021-20994, CVE-2021-20995, CVE-2021-20996, CVE-2021-20997, CVE-2021-20998, CVE-2021-20999,
2021-05-12 08:48:46 +02:00
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-05T10:00:00.000Z",
"-Synchronized-Data."
2020-12-17 22:03:03 +00:00
"ID": "CVE-2021-20997",
updated CVE-2020-12526, CVE-2021-20986, CVE-2021-20987, CVE-2021-20988, CVE-2021-20993, CVE-2021-20994, CVE-2021-20995, CVE-2021-20996, CVE-2021-20997, CVE-2021-20998, CVE-2021-20999,
2021-05-12 08:48:46 +02:00
"STATE": "PUBLIC",
"TITLE": "WAGO: Managed Switches: Unauthorized access to password hashes"
"-Synchronized-Data."
2020-12-17 22:03:03 +00:00
},
updated CVE-2020-12526, CVE-2021-20986, CVE-2021-20987, CVE-2021-20988, CVE-2021-20993, CVE-2021-20994, CVE-2021-20995, CVE-2021-20996, CVE-2021-20997, CVE-2021-20998, CVE-2021-20999,
2021-05-12 08:48:46 +02:00
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "0852-0303",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "V1.2.3.S0"
}
]
}
},
{
"product_name": "0852-1305",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "V1.1.7.S0"
}
]
}
},
{
"product_name": "0852-1505",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "V1.1.6.S0"
}
]
}
},
{
"product_name": "0852-1305/000-001",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "V1.0.4.S0"
}
]
}
},
{
"product_name": "0852-1505/000-001",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "V1.0.4.S0"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Tobias Augustin and Stephan Tigges of IKS Institut für Kooperative Systeme GmbH, Kai Gaul and Jan Rübenach of ABO Wind AG, coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"-Synchronized-Data."
2020-12-17 22:03:03 +00:00
"description": {
"description_data": [
{
"lang": "eng",
updated CVE-2020-12526, CVE-2021-20986, CVE-2021-20987, CVE-2021-20988, CVE-2021-20993, CVE-2021-20994, CVE-2021-20995, CVE-2021-20996, CVE-2021-20997, CVE-2021-20998, CVE-2021-20999,
2021-05-12 08:48:46 +02:00
"value": "In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users."
"-Synchronized-Data."
2020-12-17 22:03:03 +00:00
}
]
updated CVE-2020-12526, CVE-2021-20986, CVE-2021-20987, CVE-2021-20988, CVE-2021-20993, CVE-2021-20994, CVE-2021-20995, CVE-2021-20996, CVE-2021-20997, CVE-2021-20998, CVE-2021-20999,
2021-05-12 08:48:46 +02:00
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-013",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-013"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities.\n\nRegardless of the action described above, the vulnerabilities are fixed with following firmware releases:\nItem number [FW version]\n0852-0303 (HW < 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide.\n0852-0303 (HW >=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide.\n0852-1305 [V1.1.8.S0]\n0852-1505 [V1.1.7.S0]\n0852-1305/000-001 [V1.1.4.S0]\n0852-1505/000-001 [V1.1.4.S0]"
}
],
"source": {
"advisory": "VDE-2021-013",
"defect": [
"VDE-2021-013"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Disable the web server of the device.\nUse the CLI interface of the device.\nUpdate to the latest firmware.\nRestrict network access to the device.\nDo not directly connect the device to the internet."
}
]
"-Synchronized-Data."
2020-12-17 22:03:03 +00:00
}
Reference in New Issue Copy Permalink