PT-2018-13438 · Wago · Wago 750-88X+1
Published: 2018-10-12 · Updated: 2025-06-13 · CVE-2018-16210
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WAGO 750-88X and WAGO 750-89X Ethernet Controller devices versions 01.09.18(13) and before
Description
The issue concerns a cross-site scripting (XSS) flaw in the SNMP configuration of the affected devices. This flaw can be exploited via the webserv/cplcfg/snmp.ssi endpoint, specifically through the SNMP DESC or SNMP LOC SNMP CONT fields.
Recommendations
For versions 01.09.18(13) and before, update to a version later than 01.09.18(13) to resolve the issue.
As a temporary workaround, consider restricting access to the webserv/cplcfg/snmp.ssi endpoint until a patch is available.
Avoid using the SNMP DESC or SNMP LOC SNMP CONT fields in the SNMP configuration until the issue is resolved.
Exploit
Fix
XSS
Affected Products
Wago 750-88X
Wago 750-89X