CVE-2021-34578 : Security Advisory and Response

This CVE-2021-34578 article discusses a critical authentication vulnerability in the web-based management (WBM) interface of WAGO programmable logic controllers (PLCs).

Understanding CVE-2021-34578

This CVE-2021-34578 vulnerability impacts WAGO PLCs, allowing unauthorized access to device settings through the WBM interface without authentication.

What is CVE-2021-34578?

This vulnerability enables attackers with WBM access to read and modify device parameters without proper authentication on multiple WAGO PLCs running firmware versions up to FW07.

The Impact of CVE-2021-34578

The impact of this critical vulnerability includes high confidentiality, integrity, and availability risks, with a CVSS base score of 9.8.

Technical Details of CVE-2021-34578

This section delves into the vulnerability's detailed technical aspects.

Vulnerability Description

The flaw allows attackers to manipulate device settings via specially crafted requests on affected WAGO PLCs.

Affected Systems and Versions

WAGO PLCs running firmware versions up to FW07, specifically models 750-362, 750-363, 750-823, 750-832, 750-862, 750-891, 750-890, and 750-893.

Exploitation Mechanism

Attackers exploit the vulnerability by sending unauthorized requests through the WBM interface without needing any authentication, risking device compromise.

Mitigation and Prevention

This section outlines strategies to mitigate and prevent the CVE-2021-34578 vulnerability.

Immediate Steps to Take

Update affected devices to the latest FW version.
Restrict network access to the PLC.
Avoid direct internet connectivity.

Long-Term Security Practices

Disable unused TCP/UDP ports on the device.
Secure the device post-configuration by disabling WBM ports 80/443.

Patching and Updates

Regularly apply security patches and firmware updates from WAGO to address known vulnerabilities.