First published: Mon May 24 2021
On WAGO PFC200 devices in different firmware versions, an authorised attacker with network access to the device can use specially crafted packets to access the file system with higher privileges.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
WAGO 750-823 Firmware | <=fw07 | |
WAGO 750-823 | | |
WAGO 750-829 Firmware | <=fw14 | |
WAGO 750-829 | | |
WAGO 750-831 Firmware | <=fw14 | |
WAGO 750-831 | | |
WAGO 750-832 Firmware | <=fw06 | |
WAGO 750-832 | | |
WAGO 750-852 Firmware | <=fw14 | |
WAGO 750-852 | | |
WAGO 750-862 Firmware | <=fw07 | |
WAGO 750-862 | | |
WAGO 750-880 Firmware | <=fw15 | |
WAGO 750-880 | | |
WAGO 750-881 Firmware | <=fw14 | |
WAGO 750-881 | | |
WAGO 750-882 Firmware | <=fw14 | |
WAGO 750-882 | | |
WAGO 750-885 Firmware | <=fw14 | |
WAGO 750-885 | | |
WAGO 750-889 Firmware | <=fw14 | |
WAGO 750-889 | | |
WAGO 750-890 Firmware | <=fw07 | |
WAGO 750-890 | | |
WAGO 750-891 Firmware | <=fw07 | |
WAGO 750-891 | | |
WAGO 750-893 Firmware | <=fw07 | |
WAGO 750-893 | | |
WAGO 750-8202 Firmware | <03.06.19_(18) | |
WAGO 750-8202 | | |
WAGO 750-8203 Firmware | <03.06.19_(18) | |
WAGO 750-8203 | | |
WAGO 750-8204 Firmware | <03.06.19_(18) | |
WAGO 750-8204 | | |
WAGO 750-8206 Firmware | <03.06.19_(18) | |
WAGO 750-8206 | | |
WAGO 750-8207 Firmware | <03.06.19_(18) | |
WAGO 750-8207 | | |
WAGO 750-8208 Firmware | <03.06.19_(18) | |
WAGO 750-8208 | | |
WAGO 750-8210 Firmware | <03.06.19_(18) | |
WAGO 750-8210 | | |
WAGO 750-8211 Firmware | <03.06.19_(18) | |
WAGO 750-8211 | | |
WAGO 750-8212 Firmware | <03.06.19_(18) | |
WAGO 750-8212 | | |
WAGO 750-8213 Firmware | <03.06.19_(18) | |
WAGO 750-8213 | | |
WAGO 750-8214 Firmware | <03.06.19_(18) | |
WAGO 750-8214 | | |
WAGO 750-8216 Firmware | <03.06.19_(18) | |
WAGO 750-8216 | | |
WAGO 750-8217 Firmware | <03.06.19_(18) | |
WAGO 750-8217 | | |
WAGO recommends that all affected users with CODESYS 2.3 Runtime PLCs update to the firmware versions listed in the solution paragraph at https://cert.vde.com/en-us/advisories/vde-2021-014.
The vulnerability ID for this issue is CVE-2021-21001.
The severity of CVE-2021-21001 is critical with a severity value of 6.5.
WAGO PFC200 devices in different firmware versions are affected by CVE-2021-21001.
An authorized attacker with network access to the WAGO PFC200 device can exploit CVE-2021-21001 by using specially crafted packets to access the file system with higher privileges.
It is recommended to update the firmware of the WAGO PFC200 device to a version that is not vulnerable to CVE-2021-21001.