CVE-2021-21001 - OpenCVE

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Wago	750-8204 750-889 750-831 750-8211 750-893 750-8210 750-885 Firmware 750-8207 750-882 750-862 750-8208 750-889 Firmware 750-8212 750-862 Firmware 750-8206 Firmware 750-8213 750-8217 Firmware 750-829 Firmware 750-8203 Firmware 750-832 750-8216 Firmware 750-8203 750-890 750-8214 Firmware 750-8212 Firmware 750-893 Firmware 750-880 Firmware 750-8202 750-8211 Firmware 750-852 750-823 750-891 Firmware 750-832 Firmware 750-8208 Firmware 750-880 750-8207 Firmware 750-881 Firmware 750-881 750-890 Firmware 750-852 Firmware 750-891 750-8202 Firmware 750-8214 750-8213 Firmware 750-831 Firmware 750-829 750-8206 750-8210 Firmware 750-882 Firmware 750-823 Firmware 750-8204 Firmware 750-8217 750-8216 750-885

Configuration 1 [-]

AND

cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:wago:750-893_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-893:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:wago:750-8208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8208:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:wago:750-8217_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert.vde.com/en-us/advisories/vde-2021-014	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-05-20T00:00:00

Updated: 2021-05-24T11:05:06

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-21001

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-05-24T11:15:07.980

Modified: 2021-05-28T15:10:14.890

Link: CVE-2021-21001

JSON object: View

Redhat Information

No data.

CWE

CWE-22