
CVE-2021-20995 : What You Need to Know

Learn about CVE-2021-20995 affecting WAGO managed switches where user credentials are stored in webserver cookies. Mitigate this Medium-severity vulnerability effectively.

In multiple managed switches by WAGO, user credentials are stored in webserver cookies within the web-based UI. The vulnerability was published on May 5, 2021, by CERT@VDE.

Understanding CVE-2021-20995

This CVE relates to the storage of user credentials in cookies within the webserver of WAGO managed switches.

What is CVE-2021-20995?

The vulnerability exists in various versions of WAGO managed switches, where user credentials are saved in webserver cookies.

The Impact of CVE-2021-20995

With a CVSS base score of 5.3 (Medium severity), the vulnerability is rated as having a low confidentiality impact: the user credentials stored in the cookies may be disclosed to anyone able to read them.

Technical Details of CVE-2021-20995

The vulnerability is caused by the storage of sensitive user information in cleartext in the webserver cookies within the web-based UI of WAGO managed switches.

Vulnerability Description

User credentials stored in cookies could be exposed, risking unauthorized access.
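The following is an added illustrative example, not code from WAGO or from the switch firmware. It contrasts the pattern the advisory describes (a web UI that places the user's credentials themselves in a cookie) with the usual remedy (an opaque, random session identifier that maps to a server-side record), and adds a small helper for auditing `Set-Cookie` lines captured from your own devices. The user name, password, cookie names and iteration count are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Illustrative example only; this is NOT the WAGO web server's code.
# It shows the weak pattern behind CVE-2021-20995 next to a hardened form.


def vulnerable_login_cookie(username: str, password: str) -> str:
    """The weak pattern: the credentials themselves are written into the cookie.

    Every holder of this cookie (the browser's cookie jar, a proxy on the
    path, a log that recorded request headers) now holds the cleartext password.
    """
    return f"username={username}; password={password}; Path=/"


# --- hardened form --------------------------------------------------------

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is a constructed example value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SessionStore:
    """Credentials are checked once; the cookie carries only a random id."""

    def __init__(self, users: Dict[str, Tuple[bytes, bytes]]):
        self._users = users                   # username -> (salt, pbkdf2 hash)
        self._sessions: Dict[str, str] = {}   # session id -> username

    def login(self, username: str, password: str) -> Optional[str]:
        entry = self._users.get(username)
        if entry is None:
            return None
        salt, expected = entry
        # constant-time comparison of the derived hash
        if not hmac.compare_digest(hash_password(password, salt), expected):
            return None
        sid = secrets.token_urlsafe(32)       # 256 bits of CSPRNG output
        self._sessions[sid] = username
        return sid

    @staticmethod
    def cookie_header(sid: str) -> str:
        # Secure: sent only over TLS; HttpOnly: invisible to page scripts;
        # SameSite=Strict: not attached to cross-site requests.
        return f"session={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"

    def user_for(self, sid: str) -> Optional[str]:
        return self._sessions.get(sid)

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


# --- audit helper ---------------------------------------------------------

# Cookie names that suggest credentials are being stored client-side
# (constructed list; extend it to match your own devices' naming).
SUSPECT_COOKIE_NAMES = ("password", "passwd", "pwd", "pass", "username", "user")


def cookie_findings(set_cookie: str) -> List[str]:
    """Return the names in a Set-Cookie line that look like stored credentials."""
    findings = []
    for part in set_cookie.split(";"):
        name, sep, _ = part.strip().partition("=")
        # attributes without '=' (Secure, HttpOnly) are skipped
        if sep and name.lower() in SUSPECT_COOKIE_NAMES:
            findings.append(name)
    return findings


def make_store() -> SessionStore:
    # Constructed sample account; the salt is generated at start-up.
    salt = secrets.token_bytes(16)
    return SessionStore({"admin": (salt, hash_password("example-only", salt))})


if __name__ == "__main__":
    weak = vulnerable_login_cookie("admin", "example-only")
    print("weak cookie:   ", weak, "->", cookie_findings(weak))
    store = make_store()
    sid = store.login("admin", "example-only")
    strong = store.cookie_header(sid)
    print("session cookie:", strong, "->", cookie_findings(strong))
```

Run against a `Set-Cookie` line captured from a device's web UI, `cookie_findings` flags the credential-bearing pattern; a session cookie from the hardened form yields no findings, and the server-side table means a stolen identifier can be revoked with `logout` instead of forcing a password change.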

Affected Systems and Versions

        0852-0303 (<= V1.2.3.S0)
        0852-1305 (<= V1.1.7.S0)
        0852-1505 (<= V1.1.6.S0)
        0852-1305/000-001 (<= V1.0.4.S0)
        0852-1505/000-001 (<= V1.0.4.S0)

Exploitation Mechanism

The vulnerability is reachable over the network (CVSS attack vector: Network), since the cookies are issued by the device's web-based UI.

Mitigation and Prevention

To address CVE-2021-20995, take immediate steps and implement long-term security practices.

Immediate Steps to Take

        Disable the web server after device installation
        Use the Command Line Interface (CLI) for device commissioning
        Update to the latest firmware
        Restrict network access and avoid direct internet connections

Long-Term Security Practices

Regularly update firmware, audit for vulnerabilities, and follow security best practices.

Patching and Updates

Vulnerabilities are resolved in the following firmware releases:

        0852-0303 (HW < 3): V1.2.5.S0
        0852-0303 (HW >=3): V1.2.3.S1
        0852-1305: V1.1.8.S0
        0852-1505: V1.1.7.S0
        0852-1305/000-001: V1.1.4.S0
        0852-1505/000-001: V1.1.4.S0
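As an added example covering both the affected-version list above and this fixed-release table, the following Python inventory check is not WAGO tooling; it parses the `V1.2.3.S0` style version strings and reports which devices run firmware below the release that resolves the issue. The fixed releases and hardware-revision split for 0852-0303 are taken from the advisory text; treating "installed version is lower than the fixed release" as unpatched is this example's own rule, and the inventory rows are constructed sample data.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Added inventory check for CVE-2021-20995; not WAGO's tooling.
# Fixed releases per the advisory: (min_hw_inclusive, max_hw_exclusive, version).
# None for a bound means "no restriction".
FIXED_RELEASES = {
    "0852-0303": [(None, 3, "V1.2.5.S0"), (3, None, "V1.2.3.S1")],
    "0852-1305": [(None, None, "V1.1.8.S0")],
    "0852-1505": [(None, None, "V1.1.7.S0")],
    "0852-1305/000-001": [(None, None, "V1.1.4.S0")],
    "0852-1505/000-001": [(None, None, "V1.1.4.S0")],
}

_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)\.S(\d+)$")

Version = Tuple[int, int, int, int]


def parse_version(text: str) -> Version:
    """Turn 'V1.2.3.S0' into (1, 2, 3, 0) so tuples compare numerically."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {text!r}")
    return tuple(int(g) for g in m.groups())  # type: ignore[return-value]


def fixed_release(article: str, hw_revision: Optional[int] = None) -> Optional[str]:
    """Fixed firmware for an article number, or None if not covered here."""
    rules = FIXED_RELEASES.get(article)
    if rules is None:
        return None
    if len(rules) > 1 and hw_revision is None:
        raise ValueError(f"{article}: hardware revision required to pick the fix")
    for low, high, version in rules:
        if (low is None or hw_revision >= low) and (high is None or hw_revision < high):
            return version
    return None


def is_unpatched(article: str, firmware: str,
                 hw_revision: Optional[int] = None) -> Optional[bool]:
    """True if firmware is below the fixed release; None if article not covered."""
    fixed = fixed_release(article, hw_revision)
    if fixed is None:
        return None
    return parse_version(firmware) < parse_version(fixed)


def audit(inventory: Iterable[Tuple[str, str, str, Optional[int]]]) -> List[Tuple[str, str, str, str]]:
    """Rows are (hostname, article, firmware, hw_revision); returns the unpatched ones."""
    findings = []
    for host, article, firmware, hw in inventory:
        if is_unpatched(article, firmware, hw):
            findings.append((host, article, firmware, fixed_release(article, hw)))
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("sw-hall-01", "0852-0303", "V1.2.3.S0", 2),   # HW < 3, needs V1.2.5.S0
    ("sw-hall-02", "0852-0303", "V1.2.3.S1", 3),   # HW >= 3, already fixed
    ("sw-line-07", "0852-1305/000-001", "V1.0.4.S0", None),
    ("sw-line-08", "0852-1505", "V1.1.7.S0", None),
    ("sw-other-1", "9999-0000", "V1.0.0.S0", None),  # not in this advisory
]

if __name__ == "__main__":
    for host, article, fw, fixed in audit(SAMPLE_INVENTORY):
        print(f"{host}: {article} runs {fw}, update to {fixed}")
```

The hardware-revision guard matters for 0852-0303: the two hardware generations receive different fixed releases, so a check that ignores `HW` would misclassify one of them.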
