CVE-2021-21001

EPSS 0.24%
Published 24.05.2021 11:15:07
Last modified 15.08.2025 20:21:10
Source info@cert.vde.com
Teams watchlist Login
Open Login

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Wago ≫ 750-823 Firmware Version < fw08

Wago ≫ 750-823 Version-

Wago ≫ 750-829 Firmware Version < fw15

Wago ≫ 750-829 Version-

Wago ≫ 750-831 Firmware Version < fw15

Wago ≫ 750-831 Version-

Wago ≫ 750-832 Firmware Version < fw08

Wago ≫ 750-832 Version-

Wago ≫ 750-852 Firmware Version < fw15

Wago ≫ 750-852 Version-

Wago ≫ 750-862 Firmware Version < fw08

Wago ≫ 750-862 Version-

Wago ≫ 750-880 Firmware Version < fw16

Wago ≫ 750-880 Version-

Wago ≫ 750-881 Firmware Version < fw15

Wago ≫ 750-881 Version-

Wago ≫ 750-882 Firmware Version < fw15

Wago ≫ 750-882 Version-

Wago ≫ 750-885 Firmware Version < fw15

Wago ≫ 750-885 Version-

Wago ≫ 750-889 Firmware Version < fw15

Wago ≫ 750-889 Version-

Wago ≫ 750-890 Firmware Version < fw08

Wago ≫ 750-890 Version-

Wago ≫ 750-891 Firmware Version < fw08

Wago ≫ 750-891 Version-

Wago ≫ 750-893 Firmware Version < fw08

Wago ≫ 750-893 Version-

Wago ≫ 750-8202 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8202 Version-

Wago ≫ 750-8203 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8203 Version-

Wago ≫ 750-8204 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8204 Version-

Wago ≫ 750-8206 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8206 Version-

Wago ≫ 750-8207 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8207 Version-

Wago ≫ 750-8208 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8208 Version-

Wago ≫ 750-8210 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8210 Version-

Wago ≫ 750-8211 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8211 Version-

Wago ≫ 750-8212 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8212 Version-

Wago ≫ 750-8213 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8213 Version-

Wago ≫ 750-8214 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8214 Version-

Wago ≫ 750-8216 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8216 Version-

Wago ≫ 750-8217 Firmware Version < 03.06.19_\(18\)

Wago ≫ 750-8217 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.468

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
info@cert.vde.com	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://cert.vde.com/en-us/advisories/vde-2021-014

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21001

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21001

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21001

EUVD