Stephan Tigges

Name of the Vulnerable Software and Affected Versions: WAGO managed switches (affected versions not specified) Description: The issue allows an attacker to obtain the index of resources inside a directory due to the activated directory listing in multiple managed switches by WAGO. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WAGO managed switches (affected versions not specified) Description: The issue allows an attacker to trick a legitimate user into clicking a link, potentially injecting malicious code into the Web-Based Management of the switches. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WAGO managed switches (affected versions not specified) Description: The web-based UI of the managed switches by WAGO contains a security issue where the webserver cookies store user credentials. This potentially exposes user credentials to unauthorized access. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WAGO managed switches (affected versions not specified) Description: The issue allows special crafted requests to lead to cookies being transferred to third parties. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WAGO managed switches (affected versions not specified) Description: The issue allows an attacker to read out the password hashes of all Web-based Management users in multiple managed switches by WAGO. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WAGO managed switches (affected versions not specified) Description: The issue allows creation of users without authorization in multiple managed switches by WAGO, using specially crafted packets. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.