CVE-2021-21001

WAGO: PFC200 Access to files outside the home directory

Severity Score: 6.5 (CVSS v3.1)

Public Exploits: 0 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: - (SSVC)

Descriptions

On WAGO PFC200 devices in different firmware versions, an authorised attacker with network access to the device can use specially crafted packets to access the file system with higher privileges.

*Credits: These vulnerabilities were reported by JSC Positive Technologies (Vyacheslav Moskvin, Anton Dorfman, Sergey Fedonin, Ivan Kurnakov, Denis Goryushev). Coordination done by CERT@VDE.
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-12-17 CVE Reserved
  • 2021-05-24 CVE Published
  • 2023-11-20 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL Tag Source
https://cert.vde.com/en-us/advisories/vde-2021-014 Third Party Advisory
Affected Vendors, Products, and Versions
Vendor, Product, Version: Status
  • Wago 750-823 Firmware <= fw07: Affected, in Wago 750-823: Safe
  • Wago 750-829 Firmware <= fw14: Affected, in Wago 750-829: Safe
  • Wago 750-831 Firmware <= fw14: Affected, in Wago 750-831: Safe
  • Wago 750-832 Firmware <= fw06: Affected, in Wago 750-832: Safe
  • Wago 750-852 Firmware <= fw14: Affected, in Wago 750-852: Safe
  • Wago 750-862 Firmware <= fw07: Affected, in Wago 750-862: Safe
  • Wago 750-880 Firmware <= fw15: Affected, in Wago 750-880: Safe
  • Wago 750-881 Firmware <= fw14: Affected, in Wago 750-881: Safe
  • Wago 750-882 Firmware <= fw14: Affected, in Wago 750-882: Safe
  • Wago 750-885 Firmware <= fw14: Affected, in Wago 750-885: Safe
  • Wago 750-889 Firmware <= fw14: Affected, in Wago 750-889: Safe
  • Wago 750-890 Firmware <= fw07: Affected, in Wago 750-890: Safe
  • Wago 750-891 Firmware <= fw07: Affected, in Wago 750-891: Safe
  • Wago 750-893 Firmware <= fw07: Affected, in Wago 750-893: Safe
  • Wago 750-8202 Firmware < 03.06.19_(18): Affected, in Wago 750-8202: Safe
  • Wago 750-8203 Firmware < 03.06.19_(18): Affected, in Wago 750-8203: Safe
  • Wago 750-8204 Firmware < 03.06.19_(18): Affected, in Wago 750-8204: Safe
  • Wago 750-8206 Firmware < 03.06.19_(18): Affected, in Wago 750-8206: Safe
  • Wago 750-8207 Firmware < 03.06.19_(18): Affected, in Wago 750-8207: Safe
  • Wago 750-8208 Firmware < 03.06.19_(18): Affected, in Wago 750-8208: Safe
  • Wago 750-8210 Firmware < 03.06.19_(18): Affected, in Wago 750-8210: Safe
  • Wago 750-8211 Firmware < 03.06.19_(18): Affected, in Wago 750-8211: Safe
  • Wago 750-8212 Firmware < 03.06.19_(18): Affected, in Wago 750-8212: Safe
  • Wago 750-8213 Firmware < 03.06.19_(18): Affected, in Wago 750-8213: Safe
  • Wago 750-8214 Firmware < 03.06.19_(18): Affected, in Wago 750-8214: Safe
  • Wago 750-8216 Firmware < 03.06.19_(18): Affected, in Wago 750-8216: Safe
  • Wago 750-8217 Firmware < 03.06.19_(18): Affected, in Wago 750-8217: Safe