Lucene search
CERTVDECVE-2021-21001HistoryMay 24, 2021 - 11:15 a.m.
CVE-2021-21001
2021-05-2411:15:07
CWE-22
CERTVDE
web.nvd.nist.gov
31
2
cve-2021-21001
wago
pfc200
firmware version
file system access
network access
security vulnerability
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
39.7%
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
Affected configurations
Node
wago750-823_firmwareRange≤fw07
wago750-823Match-
Node
wago750-829_firmwareRange≤fw14
wago750-829Match-
Node
wago750-831_firmwareRange≤fw14
wago750-831Match-
Node
wago750-832_firmwareRange≤fw06
wago750-832Match-
Node
wago750-852_firmwareRange≤fw14
wago750-852Match-
Node
wago750-862_firmwareRange≤fw07
wago750-862Match-
Node
wago750-880_firmwareRange≤fw15
wago750-880Match-
Node
wago750-881_firmwareRange≤fw14
wago750-881Match-
Node
wago750-882_firmwareRange≤fw14
wago750-882Match-
Node
wago750-885_firmwareRange≤fw14
wago750-885Match-
Node
wago750-889_firmwareRange≤fw14
wago750-889Match-
Node
wago750-890_firmwareRange≤fw07
wago750-890Match-
Node
wago750-891_firmwareRange≤fw07
wago750-891Match-
Node
wago750-893_firmwareRange≤fw07
wago750-893Match-
Node
wago750-8202_firmwareRange<03.06.19_\(18\)
wago750-8202Match-
Node
wago750-8203_firmwareRange<03.06.19_\(18\)
wago750-8203Match-
Node
wago750-8204_firmwareRange<03.06.19_\(18\)
wago750-8204Match-
Node
wago750-8206_firmwareRange<03.06.19_\(18\)
wago750-8206Match-
Node
wago750-8207_firmwareRange<03.06.19_\(18\)
wago750-8207Match-
Node
wago750-8208_firmwareRange<03.06.19_\(18\)
wago750-8208Match-
Node
wago750-8210_firmwareRange<03.06.19_\(18\)
wago750-8210Match-
Node
wago750-8211_firmwareRange<03.06.19_\(18\)
wago750-8211Match-
Node
wago750-8212_firmwareRange<03.06.19_\(18\)
wago750-8212Match-
Node
wago750-8213_firmwareRange<03.06.19_\(18\)
wago750-8213Match-
Node
wago750-8214_firmwareRange<03.06.19_\(18\)
wago750-8214Match-
Node
wago750-8216_firmwareRange<03.06.19_\(18\)
wago750-8216Match-
Node
wago750-8217_firmwareRange<03.06.19_\(18\)
wago750-8217Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wago | 750-823_firmware | * | cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:* |
| wago | 750-823 | - | cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:* |
| wago | 750-829_firmware | * | cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:* |
| wago | 750-829 | - | cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:* |
| wago | 750-831_firmware | * | cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:* |
| wago | 750-831 | - | cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:* |
| wago | 750-832_firmware | * | cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:* |
| wago | 750-832 | - | cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:* |
| wago | 750-852_firmware | * | cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:* |
| wago | 750-852 | - | cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Series PFC200 Controller",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-823",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-829",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-831/000-00x",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW06",
"status": "affected",
"version": "750-832/000-00x",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-852",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-862",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW15",
"status": "affected",
"version": "750-880/0xx-xxx",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-881",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-882",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-885/0xx-xxx",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-889",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-890/0xx-xxx",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-891",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-893",
"versionType": "custom"
}
]
},
{
"product": "Series Ethernet Controller",
"vendor": "WAGO",
"versions": [
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8202/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8203/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8204/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8206/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8207/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8208/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8210/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8211/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8212/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8213/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8214/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8216/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8217/xxx-xxx",
"versionType": "custom"
}
]
}
]Social References
More
Related
nvd
nvd
CVE-2021-21001
2021-05-24 11:15:07
nessus
nessus
Wago PFC200 Path Traversal (CVE-2021-21001)
2022-07-21 00:00:00
prion
prion
Design/Logic Flaw
2021-05-24 11:15:00
cvelist
cvelist
CVE-2021-21001 WAGO: PFC200 Access to files outside the home directory
2021-05-24 11:05:06
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
39.7%
Related for CVE-2021-21001