CVE-2021-21000 - Vulnerability Details

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0013.

Key SSVC decision points have not yet been added.

Vendors	Products
Wago Subscribe	750-8202 Subscribe 750-8202 Firmware Subscribe 750-8203 Subscribe 750-8203 Firmware Subscribe 750-8204 Subscribe 750-8204 Firmware Subscribe 750-8206 Subscribe 750-8206 Firmware Subscribe 750-8207 Subscribe 750-8207 Firmware Subscribe 750-8208 Subscribe 750-8208 Firmware Subscribe 750-8210 Subscribe 750-8210 Firmware Subscribe 750-8211 Subscribe 750-8211 Firmware Subscribe 750-8212 Subscribe 750-8212 Firmware Subscribe 750-8213 Subscribe 750-8213 Firmware Subscribe 750-8214 Subscribe 750-8214 Firmware Subscribe 750-8216 Subscribe 750-8216 Firmware Subscribe 750-8217 Subscribe 750-8217 Firmware Subscribe 750-823 Subscribe 750-823 Firmware Subscribe 750-829 Subscribe 750-829 Firmware Subscribe 750-831 Subscribe 750-831 Firmware Subscribe 750-832 Subscribe 750-832 Firmware Subscribe 750-852 Subscribe 750-852 Firmware Subscribe 750-862 Subscribe 750-862 Firmware Subscribe 750-880 Subscribe 750-880 Firmware Subscribe 750-881 Subscribe 750-881 Firmware Subscribe 750-882 Subscribe 750-882 Firmware Subscribe 750-885 Subscribe 750-885 Firmware Subscribe 750-889 Subscribe 750-889 Firmware Subscribe 750-890 Subscribe 750-890 Firmware Subscribe 750-891 Subscribe 750-891 Firmware Subscribe 750-893 Subscribe 750-893 Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:wago:750-893_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-893:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:wago:750-8208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8208:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:wago:750-8217_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-8409	On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

Fixes

Solution

WAGO recommends all effected users with CODESYS 2.3 Runtime PLCs to update to the firmware versions listed at https://cert.vde.com/en-us/advisories/vde-2021-014 in the solution paragraph.

Workaround

Use general security best practices to protect systems from local and network attacks. Do not allow direct access to the device from untrusted networks. Update to the latest firmware according to the table in chapter solutions.

References

Link	Providers
https://cert.vde.com/en-us/advisories/vde-2021-014

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-05-24T11:05:05.975839Z

Updated: 2024-09-16T18:43:52.677Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-21000

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-24T11:15:07.917

Modified: 2025-08-15T20:21:18.653

Link: CVE-2021-21000

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-770

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object