CVE-2021-21001

WAGO: PFC200 Access to files outside the home directory

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

En los dispositivos WAGO PFC200 en diferentes versiones de firmware con paquetes especiales diseñados, un atacante autorizado con acceso de red al dispositivo puede acceder al sistema de archivos con mayores privilegios

*Credits: These vulnerabilities were reported by JSC Positive Technologies (Vyacheslav Moskvin, Anton Dorfman, Sergey Fedonin, Ivan Kurnakov, Denis Goryushev). Coordination done by CERT@VDE.

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-12-17 CVE Reserved
2021-05-24 CVE Published
2023-11-20 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (1)

URL	Tag	Source
https://cert.vde.com/en-us/advisories/vde-2021-014	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wago Search vendor "Wago"	750-823 Firmware Search vendor "Wago" for product "750-823 Firmware"	<= fw07 Search vendor "Wago" for product "750-823 Firmware" and version " <= fw07"	-	Affected	in	Wago Search vendor "Wago"	750-823 Search vendor "Wago" for product "750-823"	-	-	Safe
Wago Search vendor "Wago"	750-829 Firmware Search vendor "Wago" for product "750-829 Firmware"	<= fw14 Search vendor "Wago" for product "750-829 Firmware" and version " <= fw14"	-	Affected	in	Wago Search vendor "Wago"	750-829 Search vendor "Wago" for product "750-829"	-	-	Safe
Wago Search vendor "Wago"	750-831 Firmware Search vendor "Wago" for product "750-831 Firmware"	<= fw14 Search vendor "Wago" for product "750-831 Firmware" and version " <= fw14"	-	Affected	in	Wago Search vendor "Wago"	750-831 Search vendor "Wago" for product "750-831"	-	-	Safe
Wago Search vendor "Wago"	750-832 Firmware Search vendor "Wago" for product "750-832 Firmware"	<= fw06 Search vendor "Wago" for product "750-832 Firmware" and version " <= fw06"	-	Affected	in	Wago Search vendor "Wago"	750-832 Search vendor "Wago" for product "750-832"	-	-	Safe
Wago Search vendor "Wago"	750-852 Firmware Search vendor "Wago" for product "750-852 Firmware"	<= fw14 Search vendor "Wago" for product "750-852 Firmware" and version " <= fw14"	-	Affected	in	Wago Search vendor "Wago"	750-852 Search vendor "Wago" for product "750-852"	-	-	Safe
Wago Search vendor "Wago"	750-862 Firmware Search vendor "Wago" for product "750-862 Firmware"	<= fw07 Search vendor "Wago" for product "750-862 Firmware" and version " <= fw07"	-	Affected	in	Wago Search vendor "Wago"	750-862 Search vendor "Wago" for product "750-862"	-	-	Safe
Wago Search vendor "Wago"	750-880 Firmware Search vendor "Wago" for product "750-880 Firmware"	<= fw15 Search vendor "Wago" for product "750-880 Firmware" and version " <= fw15"	-	Affected	in	Wago Search vendor "Wago"	750-880 Search vendor "Wago" for product "750-880"	-	-	Safe
Wago Search vendor "Wago"	750-881 Firmware Search vendor "Wago" for product "750-881 Firmware"	<= fw14 Search vendor "Wago" for product "750-881 Firmware" and version " <= fw14"	-	Affected	in	Wago Search vendor "Wago"	750-881 Search vendor "Wago" for product "750-881"	-	-	Safe
Wago Search vendor "Wago"	750-882 Firmware Search vendor "Wago" for product "750-882 Firmware"	<= fw14 Search vendor "Wago" for product "750-882 Firmware" and version " <= fw14"	-	Affected	in	Wago Search vendor "Wago"	750-882 Search vendor "Wago" for product "750-882"	-	-	Safe
Wago Search vendor "Wago"	750-885 Firmware Search vendor "Wago" for product "750-885 Firmware"	<= fw14 Search vendor "Wago" for product "750-885 Firmware" and version " <= fw14"	-	Affected	in	Wago Search vendor "Wago"	750-885 Search vendor "Wago" for product "750-885"	-	-	Safe
Wago Search vendor "Wago"	750-889 Firmware Search vendor "Wago" for product "750-889 Firmware"	<= fw14 Search vendor "Wago" for product "750-889 Firmware" and version " <= fw14"	-	Affected	in	Wago Search vendor "Wago"	750-889 Search vendor "Wago" for product "750-889"	-	-	Safe
Wago Search vendor "Wago"	750-890 Firmware Search vendor "Wago" for product "750-890 Firmware"	<= fw07 Search vendor "Wago" for product "750-890 Firmware" and version " <= fw07"	-	Affected	in	Wago Search vendor "Wago"	750-890 Search vendor "Wago" for product "750-890"	-	-	Safe
Wago Search vendor "Wago"	750-891 Firmware Search vendor "Wago" for product "750-891 Firmware"	<= fw07 Search vendor "Wago" for product "750-891 Firmware" and version " <= fw07"	-	Affected	in	Wago Search vendor "Wago"	750-891 Search vendor "Wago" for product "750-891"	-	-	Safe
Wago Search vendor "Wago"	750-893 Firmware Search vendor "Wago" for product "750-893 Firmware"	<= fw07 Search vendor "Wago" for product "750-893 Firmware" and version " <= fw07"	-	Affected	in	Wago Search vendor "Wago"	750-893 Search vendor "Wago" for product "750-893"	-	-	Safe
Wago Search vendor "Wago"	750-8202 Firmware Search vendor "Wago" for product "750-8202 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8202 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8202 Search vendor "Wago" for product "750-8202"	-	-	Safe
Wago Search vendor "Wago"	750-8203 Firmware Search vendor "Wago" for product "750-8203 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8203 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8203 Search vendor "Wago" for product "750-8203"	-	-	Safe
Wago Search vendor "Wago"	750-8204 Firmware Search vendor "Wago" for product "750-8204 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8204 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8204 Search vendor "Wago" for product "750-8204"	-	-	Safe
Wago Search vendor "Wago"	750-8206 Firmware Search vendor "Wago" for product "750-8206 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8206 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8206 Search vendor "Wago" for product "750-8206"	-	-	Safe
Wago Search vendor "Wago"	750-8207 Firmware Search vendor "Wago" for product "750-8207 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8207 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8207 Search vendor "Wago" for product "750-8207"	-	-	Safe
Wago Search vendor "Wago"	750-8208 Firmware Search vendor "Wago" for product "750-8208 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8208 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8208 Search vendor "Wago" for product "750-8208"	-	-	Safe
Wago Search vendor "Wago"	750-8210 Firmware Search vendor "Wago" for product "750-8210 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8210 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8210 Search vendor "Wago" for product "750-8210"	-	-	Safe
Wago Search vendor "Wago"	750-8211 Firmware Search vendor "Wago" for product "750-8211 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8211 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8211 Search vendor "Wago" for product "750-8211"	-	-	Safe
Wago Search vendor "Wago"	750-8212 Firmware Search vendor "Wago" for product "750-8212 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8212 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8212 Search vendor "Wago" for product "750-8212"	-	-	Safe
Wago Search vendor "Wago"	750-8213 Firmware Search vendor "Wago" for product "750-8213 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8213 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8213 Search vendor "Wago" for product "750-8213"	-	-	Safe
Wago Search vendor "Wago"	750-8214 Firmware Search vendor "Wago" for product "750-8214 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8214 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8214 Search vendor "Wago" for product "750-8214"	-	-	Safe
Wago Search vendor "Wago"	750-8216 Firmware Search vendor "Wago" for product "750-8216 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8216 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8216 Search vendor "Wago" for product "750-8216"	-	-	Safe
Wago Search vendor "Wago"	750-8217 Firmware Search vendor "Wago" for product "750-8217 Firmware"	< 03.06.19_\(18\) Search vendor "Wago" for product "750-8217 Firmware" and version " < 03.06.19_\(18\)"	-	Affected	in	Wago Search vendor "Wago"	750-8217 Search vendor "Wago" for product "750-8217"	-	-	Safe