CVE-2021-21001
WAGO: PFC200 Access to files outside the home directory
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
En los dispositivos WAGO PFC200 en diferentes versiones de firmware con paquetes especiales diseƱados, un atacante autorizado con acceso de red al dispositivo puede acceder al sistema de archivos con mayores privilegios
*Credits:
These vulnerabilities were reported by JSC Positive Technologies (Vyacheslav Moskvin, Anton Dorfman, Sergey Fedonin, Ivan Kurnakov, Denis Goryushev). Coordination done by CERT@VDE.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-12-17 CVE Reserved
- 2021-05-24 CVE Published
- 2023-11-20 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://cert.vde.com/en-us/advisories/vde-2021-014 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wago Search vendor "Wago" | 750-823 Firmware Search vendor "Wago" for product "750-823 Firmware" | <= fw07 Search vendor "Wago" for product "750-823 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-823 Search vendor "Wago" for product "750-823" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-829 Firmware Search vendor "Wago" for product "750-829 Firmware" | <= fw14 Search vendor "Wago" for product "750-829 Firmware" and version " <= fw14" | - |
Affected
| in | Wago Search vendor "Wago" | 750-829 Search vendor "Wago" for product "750-829" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-831 Firmware Search vendor "Wago" for product "750-831 Firmware" | <= fw14 Search vendor "Wago" for product "750-831 Firmware" and version " <= fw14" | - |
Affected
| in | Wago Search vendor "Wago" | 750-831 Search vendor "Wago" for product "750-831" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-832 Firmware Search vendor "Wago" for product "750-832 Firmware" | <= fw06 Search vendor "Wago" for product "750-832 Firmware" and version " <= fw06" | - |
Affected
| in | Wago Search vendor "Wago" | 750-832 Search vendor "Wago" for product "750-832" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-852 Firmware Search vendor "Wago" for product "750-852 Firmware" | <= fw14 Search vendor "Wago" for product "750-852 Firmware" and version " <= fw14" | - |
Affected
| in | Wago Search vendor "Wago" | 750-852 Search vendor "Wago" for product "750-852" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-862 Firmware Search vendor "Wago" for product "750-862 Firmware" | <= fw07 Search vendor "Wago" for product "750-862 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-862 Search vendor "Wago" for product "750-862" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-880 Firmware Search vendor "Wago" for product "750-880 Firmware" | <= fw15 Search vendor "Wago" for product "750-880 Firmware" and version " <= fw15" | - |
Affected
| in | Wago Search vendor "Wago" | 750-880 Search vendor "Wago" for product "750-880" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-881 Firmware Search vendor "Wago" for product "750-881 Firmware" | <= fw14 Search vendor "Wago" for product "750-881 Firmware" and version " <= fw14" | - |
Affected
| in | Wago Search vendor "Wago" | 750-881 Search vendor "Wago" for product "750-881" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-882 Firmware Search vendor "Wago" for product "750-882 Firmware" | <= fw14 Search vendor "Wago" for product "750-882 Firmware" and version " <= fw14" | - |
Affected
| in | Wago Search vendor "Wago" | 750-882 Search vendor "Wago" for product "750-882" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-885 Firmware Search vendor "Wago" for product "750-885 Firmware" | <= fw14 Search vendor "Wago" for product "750-885 Firmware" and version " <= fw14" | - |
Affected
| in | Wago Search vendor "Wago" | 750-885 Search vendor "Wago" for product "750-885" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-889 Firmware Search vendor "Wago" for product "750-889 Firmware" | <= fw14 Search vendor "Wago" for product "750-889 Firmware" and version " <= fw14" | - |
Affected
| in | Wago Search vendor "Wago" | 750-889 Search vendor "Wago" for product "750-889" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-890 Firmware Search vendor "Wago" for product "750-890 Firmware" | <= fw07 Search vendor "Wago" for product "750-890 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-890 Search vendor "Wago" for product "750-890" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-891 Firmware Search vendor "Wago" for product "750-891 Firmware" | <= fw07 Search vendor "Wago" for product "750-891 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-891 Search vendor "Wago" for product "750-891" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-893 Firmware Search vendor "Wago" for product "750-893 Firmware" | <= fw07 Search vendor "Wago" for product "750-893 Firmware" and version " <= fw07" | - |
Affected
| in | Wago Search vendor "Wago" | 750-893 Search vendor "Wago" for product "750-893" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8202 Firmware Search vendor "Wago" for product "750-8202 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8202 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8202 Search vendor "Wago" for product "750-8202" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8203 Firmware Search vendor "Wago" for product "750-8203 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8203 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8203 Search vendor "Wago" for product "750-8203" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8204 Firmware Search vendor "Wago" for product "750-8204 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8204 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8204 Search vendor "Wago" for product "750-8204" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8206 Firmware Search vendor "Wago" for product "750-8206 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8206 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8206 Search vendor "Wago" for product "750-8206" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8207 Firmware Search vendor "Wago" for product "750-8207 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8207 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8207 Search vendor "Wago" for product "750-8207" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8208 Firmware Search vendor "Wago" for product "750-8208 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8208 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8208 Search vendor "Wago" for product "750-8208" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8210 Firmware Search vendor "Wago" for product "750-8210 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8210 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8210 Search vendor "Wago" for product "750-8210" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8211 Firmware Search vendor "Wago" for product "750-8211 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8211 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8211 Search vendor "Wago" for product "750-8211" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8212 Firmware Search vendor "Wago" for product "750-8212 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8212 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8212 Search vendor "Wago" for product "750-8212" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8213 Firmware Search vendor "Wago" for product "750-8213 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8213 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8213 Search vendor "Wago" for product "750-8213" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8214 Firmware Search vendor "Wago" for product "750-8214 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8214 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8214 Search vendor "Wago" for product "750-8214" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8216 Firmware Search vendor "Wago" for product "750-8216 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8216 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8216 Search vendor "Wago" for product "750-8216" | - | - |
Safe
|
Wago Search vendor "Wago" | 750-8217 Firmware Search vendor "Wago" for product "750-8217 Firmware" | < 03.06.19_\(18\) Search vendor "Wago" for product "750-8217 Firmware" and version " < 03.06.19_\(18\)" | - |
Affected
| in | Wago Search vendor "Wago" | 750-8217 Search vendor "Wago" for product "750-8217" | - | - |
Safe
|