CVE-2021-20993

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
13/05/2021
Last modified:
20/05/2021

Description

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:wago:0852-0303_firmware:*:*:*:*:*:*:*:* 1.2.3.s0 (including)
cpe:2.3:h:wago:0852-0303:-:*:*:*:*:*:*:*
cpe:2.3:o:wago:0852-1305_firmware:*:*:*:*:*:*:*:* 1.1.7.s0 (including)
cpe:2.3:h:wago:0852-1305:-:*:*:*:*:*:*:*
cpe:2.3:o:wago:0852-1505_firmware:*:*:*:*:*:*:*:* 1.1.6.s0 (including)
cpe:2.3:h:wago:0852-1505:-:*:*:*:*:*:*:*
cpe:2.3:o:wago:0852-1305\/000-001_firmware:*:*:*:*:*:*:*:* 1.0.4.s0 (including)
cpe:2.3:h:wago:0852-1305\/000-001:-:*:*:*:*:*:*:*
cpe:2.3:o:wago:0852-1505\/000-001_firmware:*:*:*:*:*:*:*:* 1.0.4.s0 (including)
cpe:2.3:h:wago:0852-1505\/000-001:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools