Lucene search

CERTVDECVELIST:CVE-2021-21001

HistoryMay 20, 2021 - 12:00 a.m.

CVE-2021-21001 WAGO: PFC200 Access to files outside the home directory

2021-05-2000:00:00

CWE-22

CERTVDE

www.cve.org

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.7%

JSON

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

CNA Affected

[
  {
    "product": "Series PFC200 Controller",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW07",
        "status": "affected",
        "version": "750-823",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW14",
        "status": "affected",
        "version": "750-829",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW14",
        "status": "affected",
        "version": "750-831/000-00x",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW06",
        "status": "affected",
        "version": "750-832/000-00x",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW14",
        "status": "affected",
        "version": "750-852",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW07",
        "status": "affected",
        "version": "750-862",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW15",
        "status": "affected",
        "version": "750-880/0xx-xxx",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW14",
        "status": "affected",
        "version": "750-881",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW14",
        "status": "affected",
        "version": "750-882",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW14",
        "status": "affected",
        "version": "750-885/0xx-xxx",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW14",
        "status": "affected",
        "version": "750-889",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW07",
        "status": "affected",
        "version": "750-890/0xx-xxx",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW07",
        "status": "affected",
        "version": "750-891",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "FW07",
        "status": "affected",
        "version": "750-893",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Series Ethernet Controller",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8202/xxx-xxx",
        "versionType": "custom"
      },
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8203/xxx-xxx",
        "versionType": "custom"
      },
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8204/xxx-xxx",
        "versionType": "custom"
      },
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8206/xxx-xxx",
        "versionType": "custom"
      },
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8207/xxx-xxx",
        "versionType": "custom"
      },
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8208/xxx-xxx",
        "versionType": "custom"
      },
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8210/xxx-xxx",
        "versionType": "custom"
      },
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8211/xxx-xxx",
        "versionType": "custom"
      },
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8212/xxx-xxx",
        "versionType": "custom"
      },
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8213/xxx-xxx",
        "versionType": "custom"
      },
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8214/xxx-xxx",
        "versionType": "custom"
      },
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8216/xxx-xxx",
        "versionType": "custom"
      },
      {
        "lessThan": "03.06.19 (18)",
        "status": "affected",
        "version": "750-8217/xxx-xxx",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.vde.com/en-us/advisories/vde-2021-014

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.7%

JSON

Related for CVELIST:CVE-2021-21001