CVE-2018-16210 - Vulnerability Details

Description

WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.

Published: 2018-10-12

Score: 6.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:wago:750-362_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-362:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:wago:750-363_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-363:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:wago:750-352_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-352:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

OR	cpe:2.3:o:wago:wago_750-881_ethernet_controller_devices_firmware:01.08.01\(10\):::::::*
	cpe:2.3:o:wago:wago_750-881_ethernet_controller_devices_firmware:01.09.18\(13\):::::::*

cpe:2.3:h:wago:wago_750-881_ethernet_controller_devices:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2018-8062	WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00328.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.exploit-db.com/exploits/45581/

History

Fri, 13 Jun 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wago 750-352 Wago 750-352 Firmware Wago 750-362 Wago 750-362 Firmware Wago 750-363 Wago 750-363 Firmware Wago 750-823 Wago 750-823 Firmware Wago 750-831 Wago 750-831 Firmware Wago 750-832 Wago 750-832 Firmware Wago 750-852 Wago 750-852 Firmware Wago 750-862 Wago 750-862 Firmware Wago 750-880 Wago 750-880 Firmware Wago 750-881 Wago 750-881 Firmware Wago 750-889 Wago 750-889 Firmware Wago 750-890 Wago 750-890 Firmware Wago 750-891 Wago 750-891 Firmware
CPEs		cpe:2.3:h:wago:750-352:-:::::::* cpe:2.3:h:wago:750-362:-:::::::* cpe:2.3:h:wago:750-363:-:::::::* cpe:2.3:h:wago:750-823:-:::::::* cpe:2.3:h:wago:750-831:-:::::::* cpe:2.3:h:wago:750-832:-:::::::* cpe:2.3:h:wago:750-852:-:::::::* cpe:2.3:h:wago:750-862:-:::::::* cpe:2.3:h:wago:750-880:-:::::::* cpe:2.3:h:wago:750-881:-:::::::* cpe:2.3:h:wago:750-889:-:::::::* cpe:2.3:h:wago:750-890:-:::::::* cpe:2.3:h:wago:750-891:-:::::::* cpe:2.3:o:wago:750-352_firmware:::::::: cpe:2.3:o:wago:750-362_firmware:::::::: cpe:2.3:o:wago:750-363_firmware:::::::: cpe:2.3:o:wago:750-823_firmware:::::::: cpe:2.3:o:wago:750-831_firmware:::::::: cpe:2.3:o:wago:750-832_firmware:::::::: cpe:2.3:o:wago:750-852_firmware:::::::: cpe:2.3:o:wago:750-862_firmware:::::::: cpe:2.3:o:wago:750-880_firmware:::::::: cpe:2.3:o:wago:750-881_firmware:::::::: cpe:2.3:o:wago:750-889_firmware:::::::: cpe:2.3:o:wago:750-890_firmware:::::::: cpe:2.3:o:wago:750-891_firmware::::::::
Vendors & Products		Wago 750-352 Wago 750-352 Firmware Wago 750-362 Wago 750-362 Firmware Wago 750-363 Wago 750-363 Firmware Wago 750-823 Wago 750-823 Firmware Wago 750-831 Wago 750-831 Firmware Wago 750-832 Wago 750-832 Firmware Wago 750-852 Wago 750-852 Firmware Wago 750-862 Wago 750-862 Firmware Wago 750-880 Wago 750-880 Firmware Wago 750-881 Wago 750-881 Firmware Wago 750-889 Wago 750-889 Firmware Wago 750-890 Wago 750-890 Firmware Wago 750-891 Wago 750-891 Firmware
Metrics	cvssV3_0 `{'score': 6.1, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}`	cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}`

Subscriptions

Wago 750-352 750-352 Firmware 750-362 750-362 Firmware 750-363 750-363 Firmware 750-823 750-823 Firmware 750-831 750-831 Firmware 750-832 750-832 Firmware 750-852 750-852 Firmware 750-862 750-862 Firmware 750-880 750-880 Firmware 750-881 750-881 Firmware 750-889 750-889 Firmware 750-890 750-890 Firmware 750-891 750-891 Firmware Wago 750-881 Ethernet Controller Devices Wago 750-881 Ethernet Controller Devices Firmware

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-10-12T20:00:00.000Z

Updated: 2024-08-05T10:17:38.400Z

Reserved: 2018-08-30T00:00:00.000Z

Link: CVE-2018-16210

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-10-12T22:15:07.377

Modified: 2025-06-13T17:56:26.900

Link: CVE-2018-16210

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object