First published: Mon May 24 2021(Updated: )
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wago 750-823 Firmware | <=fw07 | |
WAGO 750-823 | ||
Wago 750-829 Firmware | <=fw14 | |
Wago 750-829 | ||
Wago 750-831 Firmware | <=fw14 | |
WAGO 750-831 | ||
Wago 750-832 Firmware | <=fw06 | |
WAGO 750-832 | ||
Wago 750-852 Firmware | <=fw14 | |
WAGO 750-852 | ||
Wago 750-862 Firmware | <=fw07 | |
WAGO 750-862 | ||
Wago 750-880 Firmware | <=fw15 | |
WAGO 750-880 | ||
Wago 750-881 Firmware | <=fw14 | |
WAGO 750-881 | ||
Wago 750-882 Firmware | <=fw14 | |
WAGO 750-882 | ||
Wago 750-885 Firmware | <=fw14 | |
WAGO 750-885 | ||
Wago 750-889 Firmware | <=fw14 | |
WAGO 750-889 | ||
Wago 750-890 Firmware | <=fw07 | |
WAGO 750-890 | ||
Wago 750-891 Firmware | <=fw07 | |
WAGO 750-891 | ||
Wago 750-893 Firmware | <=fw07 | |
Wago 750-893 | ||
Wago 750-8202 Firmware | <03.06.19_\(18\) | |
WAGO 750-8202 | ||
Wago 750-8203 Firmware | <03.06.19_\(18\) | |
Wago 750-8203 | ||
Wago 750-8204 Firmware | <03.06.19_\(18\) | |
Wago 750-8204 | ||
Wago 750-8206 Firmware | <03.06.19_\(18\) | |
Wago 750-8206 | ||
Wago 750-8207 Firmware | <03.06.19_\(18\) | |
Wago 750-8207 | ||
Wago 750-8208 Firmware | <03.06.19_\(18\) | |
Wago 750-8208 | ||
Wago 750-8210 Firmware | <03.06.19_\(18\) | |
Wago 750-8210 | ||
Wago 750-8211 Firmware | <03.06.19_\(18\) | |
Wago 750-8211 | ||
Wago 750-8212 Firmware | <03.06.19_\(18\) | |
Wago 750-8212 | ||
Wago 750-8213 Firmware | <03.06.19_\(18\) | |
Wago 750-8213 | ||
Wago 750-8214 Firmware | <03.06.19_\(18\) | |
Wago 750-8214 | ||
Wago 750-8216 Firmware | <03.06.19_\(18\) | |
Wago 750-8216 | ||
Wago 750-8217 Firmware | <03.06.19_\(18\) | |
Wago 750-8217 |
WAGO recommends all effected users with CODESYS 2.3 Runtime PLCs to update to the firmware versions listed at https://cert.vde.com/en-us/advisories/vde-2021-014 in the solution paragraph.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-21000.
CVE-2021-21000 has a severity level of 7.5 (High).
WAGO PFC200 devices with different firmware versions are affected by CVE-2021-21000.
An attacker with network access to the device can cause a denial of service for the login service of the runtime by sending specially crafted packets.
At the moment, there is no information available about a fix for CVE-2021-21000. Please refer to the provided reference for updates.