CVE-2018-16210 in 750-881
Summary
by MITRE
WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
Analysis
by VulDB Data Team • 06/13/2025
CVE-2018-16210 affects WAGO 750-881 Ethernet Controller devices running firmware versions 01.09.18(13) and earlier, representing a critical cross-site scripting flaw in the device's web-based management interface. The flaw sits in the SNMP configuration section, where user-supplied input is not properly sanitized before being rendered back to the web interface. The affected parameters include the SNMP_DESC and SNMP_LOC_SNMP_CONT fields within the webserv/cplcfg/snmp.ssi page, making the device susceptible to malicious script injection attacks that can persist across user sessions.
This vulnerability stems from inadequate input validation and output encoding within the web server component of the WAGO controller. When administrators or users enter data into the SNMP description or location fields, the system fails to properly escape special characters and HTML tags that web browsers could interpret as executable code. This flaw falls under CWE-79, which addresses cross-site scripting vulnerabilities, where the system does not adequately validate or sanitize user-provided data before incorporating it into dynamically generated web content. The vulnerability allows attackers to inject malicious JavaScript code that executes in the browsers of other users who view the affected SNMP configuration pages, potentially enabling session hijacking, data exfiltration, or further exploitation of the device.
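The output encoding this paragraph describes as missing, shown as an added example that is not WAGO firmware code and not part of the original analysis. The `html_escape` and `render_field` helpers and the `<input>` template are hypothetical; only the field name SNMP_DESC comes from the advisory.

```c
#include <stdio.h>
#include <string.h>

/* Entity for one byte, or NULL when the byte is safe to copy as-is. */
static const char *html_entity(unsigned char c)
{
    switch (c) {
    case '&':  return "&amp;";
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '"':  return "&quot;";
    case '\'': return "&#39;";
    default:   return NULL;
    }
}

/* Encode src for HTML text or a quoted attribute. Returns the length, or -1
 * (with dst set to "") if dst is too small, so no partial entity is emitted. */
int html_escape(char *dst, size_t dstlen, const char *src)
{
    size_t out = 0;
    if (dstlen == 0)
        return -1;
    for (; *src != '\0'; src++) {
        const char *ent = html_entity((unsigned char)*src);
        size_t n = ent ? strlen(ent) : 1;
        if (out + n >= dstlen) {      /* keep room for the terminator */
            dst[0] = '\0';
            return -1;
        }
        memcpy(dst + out, ent ? ent : src, n);
        out += n;
    }
    dst[out] = '\0';
    return (int)out;
}

/* Hypothetical template helper: name is a fixed constant, value is user data. */
int render_field(char *page, size_t pagelen, const char *name, const char *value)
{
    char enc[256];
    if (html_escape(enc, sizeof enc, value) < 0)
        return -1;                    /* fail closed: render nothing */
    int n = snprintf(page, pagelen, "<input name=\"%s\" value=\"%s\">", name, enc);
    return (n < 0 || (size_t)n >= pagelen) ? -1 : n;
}
```

Encoding at render time keeps the stored value intact for SNMP consumers while the browser receives only inert text.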
The operational impact of this vulnerability extends beyond simple script execution as it compromises the integrity of the device's management interface and potentially the entire network infrastructure it manages. An attacker who successfully exploits this vulnerability could gain persistent access to the device's configuration interface, modify SNMP settings to redirect traffic to malicious servers, or execute arbitrary commands with the privileges of the web interface user. This represents a significant risk for industrial control systems where these devices often serve as critical network endpoints managing physical processes and security controls. The vulnerability affects the device's ability to maintain secure communication channels and can lead to unauthorized access to sensitive operational data, particularly in environments where SNMP is used for network monitoring and management purposes.
Organizations should implement immediate mitigations including firmware updates to versions that address the XSS vulnerability, network segmentation to limit access to these devices, and enhanced monitoring of SNMP configuration changes. The ATT&CK framework categorizes this vulnerability under T1190 - Exploit Public-Facing Application, highlighting the need for proper input validation and output encoding as defensive measures. Additional protective measures include implementing web application firewalls to filter malicious payloads, restricting administrative access to only trusted networks, and conducting regular security assessments of industrial control system components. The vulnerability demonstrates the critical importance of secure coding practices in embedded systems and the need for comprehensive security testing of all user-facing interfaces in industrial network equipment to prevent exploitation that could compromise operational technology environments.