{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3587", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2026-03-05T09:44:25.876Z", "datePublished": "2026-03-23T07:49:17.325Z", "dateUpdated": "2026-03-24T07:38:36.602Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1812", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1813", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1813-000-001", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.3.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1816", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-303", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.8.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-1305", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.0.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-1305-000-001", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.0.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-1505-000-001", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.0.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-1505", "vendor": "WAGO", "versions": [{"lessThan": "V1.1.9.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-602", "vendor": "WAGO", "versions": [{"lessThan": "V1.0.6.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-603", "vendor": "WAGO", "versions": [{"lessThan": "V1.0.6.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-1605", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.5.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1812-010-000", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1813-010-000", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1816-010-000", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1813/010-001", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device."}], "value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-912", "description": "CWE-912 Hidden Functionality", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-03-24T07:38:36.602Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-020"}], "source": {"advisory": "VDE-2026-020", "defect": ["CERT@VDE#641971"], "discovery": "UNKNOWN"}, "title": "Hidden CLI Function Allows Root Access", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T14:05:17.517159Z", "id": "CVE-2026-3587", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:05:54.645Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3587", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T14:05:17.517159Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:05:45.712Z"}}], "cna": {"title": "Hidden CLI Function Allows Root Access", "source": {"defect": ["CERT@VDE#641971"], "advisory": "VDE-2026-020", "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WAGO", "product": "Lean Managed Switch 852-1812", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1813", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1813-000-001", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.3.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1816", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-303", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.8.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-1305", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.0.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-1305-000-001", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.0.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-1505-000-001", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.0.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-1505", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.1.9.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-602", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.0.6.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-603", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.0.6.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-1605", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.5.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1812-010-000", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1813-010-000", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1816-010-000", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1813/010-001", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-020"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.", "supportingMedia": [{"type": "text/html", "value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-912", "description": "CWE-912 Hidden Functionality"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-03-24T07:38:36.602Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3587", "state": "PUBLISHED", "dateUpdated": "2026-03-24T07:38:36.602Z", "dateReserved": "2026-03-05T09:44:25.876Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2026-03-23T07:49:17.325Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device."}], "id": "CVE-2026-3587", "lastModified": "2026-03-24T08:16:01.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2026-03-23T08:16:17.360", "references": [{"source": "info@cert.vde.com", "url": "https://certvde.com/de/advisories/VDE-2026-020"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-912"}], "source": "info@cert.vde.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.0.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "industrial_managed_switch_852-1305", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.0.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Industrial Managed Switch 852-1305-000-001", "source": "cna", "vendor": "WAGO"}, "product": "industrial_managed_switch_852-1305-000-001", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.1.9.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "industrial_managed_switch_852-1505", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.0.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Industrial Managed Switch 852-1505-000-001", "source": "cna", "vendor": "WAGO"}, "product": "industrial_managed_switch_852-1505-000-001", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.5.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "industrial_managed_switch_852-1605", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.8.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "industrial_managed_switch_852-303", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.0.6.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "industrial_managed_switch_852-602", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.0.6.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "industrial_managed_switch_852-603", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.1.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Lean Managed Switch 852-1812", "source": "cna", "vendor": "WAGO"}, "product": "lean_managed_switch_852-1812", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.1.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Lean Managed Switch 852-1812-010-000", "source": "cna", "vendor": "WAGO"}, "product": "lean_managed_switch_852-1812-010-000", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.1.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Lean Managed Switch 852-1813", "source": "cna", "vendor": "WAGO"}, "product": "lean_managed_switch_852-1813", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.3.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Lean Managed Switch 852-1813-000-001", "source": "cna", "vendor": "WAGO"}, "product": "lean_managed_switch_852-1813-000-001", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.1.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Lean Managed Switch 852-1813-010-000", "source": "cna", "vendor": "WAGO"}, "product": "lean_managed_switch_852-1813-010-000", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.1.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Lean Managed Switch 852-1813/010-001", "source": "cna", "vendor": "WAGO"}, "product": "lean_managed_switch_852-1813/010-001", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.1.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Lean Managed Switch 852-1816", "source": "cna", "vendor": "WAGO"}, "product": "lean_managed_switch_852-1816", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.0.0,V1.2.1.S0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Lean Managed Switch 852-1816-010-000", "source": "cna", "vendor": "WAGO"}, "product": "lean_managed_switch_852-1816-010-000", "vendor": "wago"}], "analysis": {"en": {"generated_at": "2026-03-24T09:21:53.764228+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update or patch released by WAGO that addresses the hidden CLI exploitation.", "Restrict external network access to the device\u2019s CLI interface using firewall rules or network segmentation.", "If the CLI is not required for remote management, consider disabling it or requiring strong authentication for any remote access.", "Continuously monitor device logs for unexpected CLI activity to detect potential abuse."], "summary": {"action": "Immediate Patch", "impact": "Root Access"}, "threat_synthesis": {"affected_systems": "All WAGO Industrial and Lean Managed Switch models enumerated in the CNA list, including the 852\u20111305 series, 852\u20111505 series, 852\u20111605, 852\u2011303, 852\u2011602, 852\u2011603, 852\u20111812, 852\u20111813, and 852\u20111816, along with their variant identifiers such as 852\u20111305\u2011000\u2011001 and 852\u20111813\u2011010\u2011001.", "description_and_impact": "This vulnerability arises from a hidden command in the command line interface that, when invoked, unexpectedly removes the restrictions normally defined for the interface. Because the function can be triggered without authentication, a remote attacker who can reach the device can use it to gain full administrative privileges, effectively achieving arbitrary code execution and compromising the device and any network services it provides. The weakness corresponds to the logic\u2011based bypass described by CWE\u2011912.", "risk_and_exploitability": "The CVSS score of 10 indicates maximum severity, while the EPSS score of less than 1% suggests that, so far, exploitation is uncommon but possible. The likely attack vector is remote network access to the device\u2019s CLI, giving an unauthenticated attacker the ability to invoke the hidden command. Although the vulnerability is not listed in the CISA KEV catalog, its high severity and the lack of an authentication barrier mean it should be treated with the utmost urgency."}}}}, "created": "2026-03-24T10:34:53.180758+00:00", "updated": "2026-03-25T14:49:30.080414+00:00", "vendors": ["wago", "wago$PRODUCT$industrial_managed_switch_852-1305", "wago$PRODUCT$industrial_managed_switch_852-1305-000-001", "wago$PRODUCT$industrial_managed_switch_852-1505", "wago$PRODUCT$industrial_managed_switch_852-1505-000-001", "wago$PRODUCT$industrial_managed_switch_852-1605", "wago$PRODUCT$industrial_managed_switch_852-303", "wago$PRODUCT$industrial_managed_switch_852-602", "wago$PRODUCT$industrial_managed_switch_852-603", "wago$PRODUCT$lean_managed_switch_852-1812", "wago$PRODUCT$lean_managed_switch_852-1812-010-000", "wago$PRODUCT$lean_managed_switch_852-1813", "wago$PRODUCT$lean_managed_switch_852-1813-000-001", "wago$PRODUCT$lean_managed_switch_852-1813-010-000", "wago$PRODUCT$lean_managed_switch_852-1813/010-001", "wago$PRODUCT$lean_managed_switch_852-1816", "wago$PRODUCT$lean_managed_switch_852-1816-010-000"]}