CVE-2021-20996— WAGO: Managed Switches: Unsecure Cookie settings

CVSS 5.3 · Medium EPSS 0.21% · P42 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-20996

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

WAGO: Managed Switches: Unsecure Cookie settings

Source: NVD (National Vulnerability Database)

Vulnerability Description

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

关键资源的不正确权限授予

Source: NVD (National Vulnerability Database)

Vulnerability Title

WAGO 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WAGO是德国万可（WAGO）的一款750-88x系列可编程逻辑控制器。该设备专门为在工业环境下应用而设计的数字运算操作电子系统。 WAGO 存在安全漏洞。攻击者可以利用特制的请求导致Cookie转移到第三方。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
WAGO	0852-0303	unspecified ~ V1.2.3.S0	-
WAGO	0852-1305	unspecified ~ V1.1.7.S0	-
WAGO	0852-1505	unspecified ~ V1.1.6.S0	-
WAGO	0852-1305/000-001	unspecified ~ V1.0.4.S0	-
WAGO	0852-1505/000-001	unspecified ~ V1.0.4.S0	-

II. Public POCs for CVE-2021-20996

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-20996

请登录查看更多情报信息。

https://cert.vde.com/en-us/advisories/vde-2021-013x_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2021-20996

Same Patch Batch · WAGO · 2021-05-13 · 6 CVEs total

CVE-2021-20998	10.0 CRITICAL	WAGO: Managed Switches: Unauthorized creation of user accounts
CVE-2021-20994	8.8 HIGH	WAGO: Managed Switches: Reflected Cross-site Scripting
CVE-2021-20997	7.5 HIGH	WAGO: Managed Switches: Unauthorized access to password hashes
CVE-2021-20993	5.3 MEDIUM	WAGO: Managed Switches: Exposure of sensitive information through directory listing
CVE-2021-20995	5.3 MEDIUM	WAGO: Managed Switches: Storage of user credentials in a cookie

IV. Related Vulnerabilities

Same product: 0852-0303

Same vendor: WAGO

Same weakness: CWE-732

V. Comments for CVE-2021-20996

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-20996— WAGO: Managed Switches: Unsecure Cookie settings

I. Basic Information for CVE-2021-20996

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-20996

III. Intelligence Information for CVE-2021-20996

Same Patch Batch · WAGO · 2021-05-13 · 6 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-20996

Leave a comment