CVE-2021-20997

WAGO: Managed Switches: Unauthorized access to password hashes

Description

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.

Remediation

Solution:

  • The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities. Regardless of the action described above, the vulnerabilities are fixed with following firmware releases: Item number [FW version] 0852-0303 (HW < 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide. 0852-0303 (HW >=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide. 0852-1305 [V1.1.8.S0] 0852-1505 [V1.1.7.S0] 0852-1305/000-001 [V1.1.4.S0] 0852-1505/000-001 [V1.1.4.S0]

Workaround:

  • Disable the web server of the device. Use the CLI interface of the device. Update to the latest firmware. Restrict network access to the device. Do not directly connect the device to the internet.

Category

7.5
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.25%
Third-Party Advisory vde.com
Affected: WAGO 0852-0303
Affected: WAGO 0852-1305
Affected: WAGO 0852-1505
Affected: WAGO 0852-1305/000-001
Affected: WAGO 0852-1505/000-001
Published at:
Updated at:

References

Link Tags
https://cert.vde.com/en-us/advisories/vde-2021-013 third party advisory

Frequently Asked Questions

What is the severity of CVE-2021-20997?
CVE-2021-20997 has been scored as a high severity vulnerability.
How to fix CVE-2021-20997?
To fix CVE-2021-20997: The Web-Based Management is only needed during installation and commissioning, not during normal operations. It is recommended to disable the web server after commissioning. The Command Line Interface (CLI) is an alternative for commissioning the device. This is the easiest and securest way to protect your device from the listed vulnerabilities. Regardless of the action described above, the vulnerabilities are fixed with following firmware releases: Item number [FW version] 0852-0303 (HW < 3)* [V1.2.5.S0] Detailed information about the hardware version is described in the installation guide. 0852-0303 (HW >=3)* [V1.2.3.S1] Detailed information about the hardware version is described in the installation guide. 0852-1305 [V1.1.8.S0] 0852-1505 [V1.1.7.S0] 0852-1305/000-001 [V1.1.4.S0] 0852-1505/000-001 [V1.1.4.S0]
Is CVE-2021-20997 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-20997 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-20997?
CVE-2021-20997 affects WAGO 0852-0303, WAGO 0852-1305, WAGO 0852-1505, WAGO 0852-1305/000-001, WAGO 0852-1505/000-001.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.