{"containers": {"cna": {"affected": [{"product": "Series PFC200 Controller", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW07", "status": "affected", "version": "750-823", "versionType": "custom"}, {"lessThanOrEqual": "FW14", "status": "affected", "version": "750-829", "versionType": "custom"}, {"lessThanOrEqual": "FW14", "status": "affected", "version": "750-831/000-00x", "versionType": "custom"}, {"lessThanOrEqual": "FW06", "status": "affected", "version": "750-832/000-00x", "versionType": "custom"}, {"lessThanOrEqual": "FW14", "status": "affected", "version": "750-852", "versionType": "custom"}, {"lessThanOrEqual": "FW07", "status": "affected", "version": "750-862", "versionType": "custom"}, {"lessThanOrEqual": "FW15", "status": "affected", "version": "750-880/0xx-xxx", "versionType": "custom"}, {"lessThanOrEqual": "FW14", "status": "affected", "version": "750-881", "versionType": "custom"}, {"lessThanOrEqual": "FW14", "status": "affected", "version": "750-882", "versionType": "custom"}, {"lessThanOrEqual": "FW14", "status": "affected", "version": "750-885/0xx-xxx", "versionType": "custom"}, {"lessThanOrEqual": "FW14", "status": "affected", "version": "750-889", "versionType": "custom"}, {"lessThanOrEqual": "FW07", "status": "affected", "version": "750-890/0xx-xxx", "versionType": "custom"}, {"lessThanOrEqual": "FW07", "status": "affected", "version": "750-891", "versionType": "custom"}, {"lessThanOrEqual": "FW07", "status": "affected", "version": "750-893", "versionType": "custom"}]}, {"product": "Series Ethernet Controller", "vendor": "WAGO", "versions": [{"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8202/xxx-xxx", "versionType": "custom"}, {"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8203/xxx-xxx", "versionType": "custom"}, {"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8204/xxx-xxx", "versionType": "custom"}, {"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8206/xxx-xxx", "versionType": "custom"}, {"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8207/xxx-xxx", "versionType": "custom"}, {"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8208/xxx-xxx", "versionType": "custom"}, {"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8210/xxx-xxx", "versionType": "custom"}, {"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8211/xxx-xxx", "versionType": "custom"}, {"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8212/xxx-xxx", "versionType": "custom"}, {"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8213/xxx-xxx", "versionType": "custom"}, {"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8214/xxx-xxx", "versionType": "custom"}, {"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8216/xxx-xxx", "versionType": "custom"}, {"lessThan": "03.06.19 (18)", "status": "affected", "version": "750-8217/xxx-xxx", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "These vulnerabilities were reported by JSC Positive Technologies (Vyacheslav Moskvin, Anton Dorfman, Sergey Fedonin, Ivan Kurnakov, Denis Goryushev). Coordination done by CERT@VDE."}], "datePublic": "2021-05-20T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-24T11:05:06.000Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-014"}], "solutions": [{"lang": "en", "value": "WAGO recommends all effected users with CODESYS 2.3 Runtime PLCs to update to the firmware versions listed at https://cert.vde.com/en-us/advisories/vde-2021-014 in the solution paragraph."}], "source": {"advisory": "VDE-2021-014", "defect": ["VDE-2021-014"], "discovery": "EXTERNAL"}, "title": "WAGO: PFC200 Access to files outside the home directory", "workarounds": [{"lang": "en", "value": "Use general security best practices to protect systems from local and network attacks.\nDo not allow direct access to the device from untrusted networks.\nUpdate to the latest firmware according to the table in chapter solutions."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-05-20T10:00:00.000Z", "ID": "CVE-2021-21001", "STATE": "PUBLIC", "TITLE": "WAGO: PFC200 Access to files outside the home directory"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Series PFC200 Controller", "version": {"version_data": [{"version_affected": "<=", "version_name": "750-823", "version_value": "FW07"}, {"version_affected": "<=", "version_name": "750-829", "version_value": "FW14"}, {"version_affected": "<=", "version_name": "750-831/000-00x", "version_value": "FW14"}, {"version_affected": "<=", "version_name": "750-832/000-00x", "version_value": "FW06"}, {"version_affected": "<=", "version_name": "750-852", "version_value": "FW14"}, {"version_affected": "<=", "version_name": "750-862", "version_value": "FW07"}, {"version_affected": "<=", "version_name": "750-880/0xx-xxx", "version_value": "FW15"}, {"version_affected": "<=", "version_name": "750-881", "version_value": "FW14"}, {"version_affected": "<=", "version_name": "750-882", "version_value": "FW14"}, {"version_affected": "<=", "version_name": "750-885/0xx-xxx", "version_value": "FW14"}, {"version_affected": "<=", "version_name": "750-889", "version_value": "FW14"}, {"version_affected": "<=", "version_name": "750-890/0xx-xxx", "version_value": "FW07"}, {"version_affected": "<=", "version_name": "750-891", "version_value": "FW07"}, {"version_affected": "<=", "version_name": "750-893", "version_value": "FW07"}]}}, {"product_name": "Series Ethernet Controller", "version": {"version_data": [{"version_affected": "<", "version_name": "750-8202/xxx-xxx", "version_value": "03.06.19 (18)"}, {"version_affected": "<", "version_name": "750-8203/xxx-xxx", "version_value": "03.06.19 (18)"}, {"version_affected": "<", "version_name": "750-8204/xxx-xxx", "version_value": "03.06.19 (18)"}, {"version_affected": "<", "version_name": "750-8206/xxx-xxx", "version_value": "03.06.19 (18)"}, {"version_affected": "<", "version_name": "750-8207/xxx-xxx", "version_value": "03.06.19 (18)"}, {"version_affected": "<", "version_name": "750-8208/xxx-xxx", "version_value": "03.06.19 (18)"}, {"version_affected": "<", "version_name": "750-8210/xxx-xxx", "version_value": "03.06.19 (18)"}, {"version_affected": "<", "version_name": "750-8211/xxx-xxx", "version_value": "03.06.19 (18)"}, {"version_affected": "<", "version_name": "750-8212/xxx-xxx", "version_value": "03.06.19 (18)"}, {"version_affected": "<", "version_name": "750-8213/xxx-xxx", "version_value": "03.06.19 (18)"}, {"version_affected": "<", "version_name": "750-8214/xxx-xxx", "version_value": "03.06.19 (18)"}, {"version_affected": "<", "version_name": "750-8216/xxx-xxx", "version_value": "03.06.19 (18)"}, {"version_affected": "<", "version_name": "750-8217/xxx-xxx", "version_value": "03.06.19 (18)"}]}}]}, "vendor_name": "WAGO"}]}}, "credit": [{"lang": "eng", "value": "These vulnerabilities were reported by JSC Positive Technologies (Vyacheslav Moskvin, Anton Dorfman, Sergey Fedonin, Ivan Kurnakov, Denis Goryushev). Coordination done by CERT@VDE."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en-us/advisories/vde-2021-014", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2021-014"}]}, "solution": [{"lang": "en", "value": "WAGO recommends all effected users with CODESYS 2.3 Runtime PLCs to update to the firmware versions listed at https://cert.vde.com/en-us/advisories/vde-2021-014 in the solution paragraph."}], "source": {"advisory": "VDE-2021-014", "defect": ["VDE-2021-014"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Use general security best practices to protect systems from local and network attacks.\nDo not allow direct access to the device from untrusted networks.\nUpdate to the latest firmware according to the table in chapter solutions."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:53:23.101Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-014"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-21001", "datePublished": "2021-05-24T11:05:06.147Z", "dateReserved": "2020-12-17T00:00:00.000Z", "dateUpdated": "2024-09-16T16:19:02.930Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E02A0AE-7B50-4918-95DB-61598A7DA57F", "versionEndExcluding": "fw08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB88572A-CB05-4B52-8BFC-05EFDC819244", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D510EFD-2F2E-42A9-BD92-B200CB22267A", "versionEndExcluding": "fw15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*", "matchCriteriaId": "F88F6E08-2D1B-4B34-B8DB-40292C0BBEB2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D8D785A-E80C-42CA-8070-C50914A7442E", "versionEndExcluding": "fw15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0631884-FF6F-4AA9-9D76-CDECB5A738FC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1199B32D-F6F2-473A-83F0-3E53735F7072", "versionEndExcluding": "fw08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*", "matchCriteriaId": "13D1FA8D-C8BA-4D1C-8372-DECD40177631", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA876F0F-AA09-4972-B6D8-C1625E742ED9", "versionEndExcluding": "fw15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D6739E1-EF0B-48EE-90FC-5708756FC362", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7DB181E-1417-4B82-9A50-59E82F9968AB", "versionEndExcluding": "fw08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA04FBFB-9E1C-4618-9FDC-70675506D8D5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFD07A69-6741-446B-8D02-4F9BACDDD973", "versionEndExcluding": "fw16", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFEAC4D9-15CF-44B8-844D-C012AA4637A2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1E9B30D-158F-4A96-904A-21A6B4E693FC", "versionEndExcluding": "fw15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FE51647-62C1-4D3C-91FA-13ACA6CD71D2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B26C1E90-3A58-441E-B2F6-56FF9A4807CE", "versionEndExcluding": "fw15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1379D65-F376-4618-B708-5E59D64C8033", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A7AD4D-EF15-4A2F-A5DB-69390238A4B8", "versionEndExcluding": "fw15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*", "matchCriteriaId": "7712F56E-AEBA-4DE0-9172-26F3D29B369B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C253BB7-B264-4FD3-8691-E11806C6E126", "versionEndExcluding": "fw15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*", "matchCriteriaId": "57919AAB-2962-4543-810A-C143300351F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD51A1B9-5BD7-4458-BE90-18D1666B807E", "versionEndExcluding": "fw08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*", "matchCriteriaId": "11751A8B-FCFD-433B-9065-B4FC85168A93", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "412C2148-01BA-4EB5-9843-B88EF40FC49E", "versionEndExcluding": "fw08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*", "matchCriteriaId": "22BAABD9-A10D-4904-AA02-C37C4490B47A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-893_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FCDEBB8-1A23-470E-858E-113E382EF5C4", "versionEndExcluding": "fw08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-893:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D4795D0-B90B-4643-8713-88D89172D1A5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "03675DC5-0563-4742-90F1-85CCE629157E", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*", "matchCriteriaId": "23B02096-81A5-4823-94F3-D87F389397DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8178F4C-BD4B-4E22-95F9-5264FD29E557", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC428EC8-532A-4825-BCE3-C42A4BC01C68", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FC5F373-F17C-441A-AB86-F22D624E744E", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AF14BE1-1EB5-423B-9FE7-E401AEF92553", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C723A05-DC44-4F43-BEC2-EAD27E68804B", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E17ECC4-D7AE-485C-A2EF-4148817F9DB8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "40789CA2-C91E-4510-A759-51C01A86C3F2", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA98A0D9-B050-430B-96C5-15932438FD3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8208_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDE72D10-8E25-4939-9255-23E8FED88449", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8208:-:*:*:*:*:*:*:*", "matchCriteriaId": "C86098FC-E63E-4676-8BA1-ADCA30795558", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6ED56607-5CA6-47F5-8C2A-AEF69CB4A9F7", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E11758B-46C3-4E57-943A-C9C073AE5211", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0E03C56-1319-4EE2-BF99-A4BA861D8381", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CD6B267-3E4B-4597-82A6-130D6F21C728", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2343C5B1-4905-405B-ACD7-375C31FC6C9A", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*", "matchCriteriaId": "20BBC380-0F6E-4400-93AF-5B6CFEF00562", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E486580C-8400-4235-A617-8DBF4F65F31D", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*", "matchCriteriaId": "4969E8EB-EF09-47B9-8F03-37BB87CFD048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DE5D039-B7BA-4876-9B3B-B41CCA778A98", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*", "matchCriteriaId": "979A8E43-4285-4A7B-BB0B-E6888117862C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F2AA067-9AA9-4D52-B609-C77CAD71CD33", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B854F74-173E-4523-BBA7-8FF7A9B9880E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-8217_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8032A39-1795-4AB0-9822-8A16EFFD1AE0", "versionEndExcluding": "03.06.19_\\(18\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*", "matchCriteriaId": "B23CD8FD-FC7A-4E24-BF8F-648478D82645", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges."}, {"lang": "es", "value": "En los dispositivos WAGO PFC200 en diferentes versiones de firmware con paquetes especiales dise\u00f1ados, un atacante autorizado con acceso de red al dispositivo puede acceder al sistema de archivos con mayores privilegios"}], "id": "CVE-2021-21001", "lastModified": "2025-08-15T20:21:10.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-24T11:15:07.980", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-014"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "info@cert.vde.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}