CVE-2021-20993 : Security Advisory and Response

Learn about CVE-2021-20993 detailing the exposure of sensitive information through directory listing in WAGO managed switches. Find mitigation steps and firmware updates to address the vulnerability.

In multiple WAGO managed switches, across different versions, the activated directory listing provides an attacker with the index of the resources located inside the directory.

Understanding CVE-2021-20993

This CVE details the exposure of sensitive information through directory listing in managed switches by WAGO.

What is CVE-2021-20993?

The vulnerability allows an attacker to gain access to the index of resources within the directory of affected WAGO managed switches.

The Impact of CVE-2021-20993

With a CVSS base score of 5.3, this is a medium-severity vulnerability with a low impact on the confidentiality of information.

Technical Details of CVE-2021-20993

This section covers the vulnerability description, affected systems, versions, and the exploitation mechanism.

Vulnerability Description

The issue arises from the activated directory listing in different versions of WAGO managed switches.

Affected Systems and Versions

        0852-0303 (<= V1.2.3.S0)
        0852-1305 (<= V1.1.7.S0)
        0852-1505 (<= V1.1.6.S0)
        0852-1305/000-001 (<= V1.0.4.S0)
        0852-1505/000-001 (<= V1.0.4.S0)

Exploitation Mechanism

An attacker can exploit the vulnerability over the network through the activated directory listing.

Mitigation and Prevention

Here are the recommended mitigation steps to address CVE-2021-20993.

Immediate Steps to Take

        Disable the web server on the device
        Use the Command Line Interface (CLI) for device operations
        Update affected devices to the latest firmware
        Restrict network access and avoid direct internet connections

Long-Term Security Practices

It is crucial to follow security best practices such as regular security assessments, network segmentation, and access control policies.

Patching and Updates

WAGO has released firmware updates to address the vulnerabilities in the affected versions of managed switches.

        0852-0303 (HW < 3) - V1.2.5.S0
        0852-0303 (HW >= 3) - V1.2.3.S1
        0852-1305 - V1.1.8.S0
        0852-1505 - V1.1.7.S0
        0852-1305/000-001 - V1.1.4.S0
        0852-1505/000-001 - V1.1.4.S0
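
To triage an asset inventory against the two version tables above, the following added example (not WAGO's or the advisory's own code) parses the firmware strings numerically and reports whether each switch is at or below the affected ceiling and which release to move to. The inventory rows, including the version V1.1.10.S0, are constructed sample data, and the function names are hypothetical.

```python
import re
# Affected ceilings and fixed releases, copied from the tables on this page.
AFFECTED_MAX = {
    "0852-0303": "V1.2.3.S0",
    "0852-1305": "V1.1.7.S0",
    "0852-1505": "V1.1.6.S0",
    "0852-1305/000-001": "V1.0.4.S0",
    "0852-1505/000-001": "V1.0.4.S0",
}
FIXED = {
    "0852-1305": "V1.1.8.S0",
    "0852-1505": "V1.1.7.S0",
    "0852-1305/000-001": "V1.1.4.S0",
    "0852-1505/000-001": "V1.1.4.S0",
}
_VERSION = re.compile(r"^V(\d+)\.(\d+)\.(\d+)\.S(\d+)$")

def parse_version(text):
    """Turn 'V1.2.3.S0' into (1, 2, 3, 0) so versions compare numerically."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.groups())

def fixed_release(model, hw_rev=None):
    """Fixed firmware for a model; 0852-0303 depends on the hardware revision."""
    if model == "0852-0303":
        if hw_rev is None:
            raise ValueError("0852-0303 needs a hardware revision to pick the fix")
        return "V1.2.5.S0" if hw_rev < 3 else "V1.2.3.S1"
    return FIXED[model]

def assess(model, firmware, hw_rev=None):
    """Return (status, fixed release) for one switch from the inventory."""
    if model not in AFFECTED_MAX:
        return ("unknown model", None)
    affected = parse_version(firmware) <= parse_version(AFFECTED_MAX[model])
    return ("affected" if affected else "not affected", fixed_release(model, hw_rev))

# Constructed inventory rows (model, firmware, hardware revision); not real devices.
INVENTORY = [
    ("0852-0303", "V1.2.3.S0", 2),
    ("0852-0303", "V1.2.3.S1", 3),
    ("0852-1305", "V1.1.10.S0", None),  # a plain string compare would sort this below V1.1.7.S0
    ("0852-1505/000-001", "V1.0.4.S0", None),
]

if __name__ == "__main__":
    for model, firmware, hw in INVENTORY:
        print(model, firmware, *assess(model, firmware, hw))
```

A "not affected" result only reflects the version ranges listed here; the other mitigation steps, such as restricting network access, still apply.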
