CVE-2021-20998

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CERTVDECNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
wago0852-0303_firmware
𝑥
≤ 1.2.3.s0
wago0852-1305_firmware
𝑥
≤ 1.1.7.s0
wago0852-1505_firmware
𝑥
≤ 1.1.6.s0
wago0852-1305\/000-001_firmware
𝑥
≤ 1.0.4.s0
wago0852-1505\/000-001_firmware
𝑥
≤ 1.0.4.s0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en-us/advisories/vde-2021-013
https://cert.vde.com/en-us/advisories/vde-2021-013