CVE-2021-21001: WAGO: PFC200 Access to files outside the home directory
First published: Mon May 24 2021(Updated: )
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wago 750-823 Firmware | <=fw07 | |
| WAGO 750-823 | ||
| Wago 750-829 Firmware | <=fw14 | |
| Wago 750-829 | ||
| Wago 750-831 Firmware | <=fw14 | |
| WAGO 750-831 | ||
| Wago 750-832 Firmware | <=fw06 | |
| WAGO 750-832 | ||
| Wago 750-852 Firmware | <=fw14 | |
| WAGO 750-852 | ||
| Wago 750-862 Firmware | <=fw07 | |
| WAGO 750-862 | ||
| Wago 750-880 Firmware | <=fw15 | |
| WAGO 750-880 | ||
| Wago 750-881 Firmware | <=fw14 | |
| WAGO 750-881 | ||
| Wago 750-882 Firmware | <=fw14 | |
| WAGO 750-882 | ||
| Wago 750-885 Firmware | <=fw14 | |
| WAGO 750-885 | ||
| Wago 750-889 Firmware | <=fw14 | |
| WAGO 750-889 | ||
| Wago 750-890 Firmware | <=fw07 | |
| WAGO 750-890 | ||
| Wago 750-891 Firmware | <=fw07 | |
| WAGO 750-891 | ||
| Wago 750-893 Firmware | <=fw07 | |
| Wago 750-893 | ||
| Wago 750-8202 Firmware | <03.06.19_\(18\) | |
| WAGO 750-8202 | ||
| Wago 750-8203 Firmware | <03.06.19_\(18\) | |
| Wago 750-8203 | ||
| Wago 750-8204 Firmware | <03.06.19_\(18\) | |
| Wago 750-8204 | ||
| Wago 750-8206 Firmware | <03.06.19_\(18\) | |
| Wago 750-8206 | ||
| Wago 750-8207 Firmware | <03.06.19_\(18\) | |
| Wago 750-8207 | ||
| Wago 750-8208 Firmware | <03.06.19_\(18\) | |
| Wago 750-8208 | ||
| Wago 750-8210 Firmware | <03.06.19_\(18\) | |
| Wago 750-8210 | ||
| Wago 750-8211 Firmware | <03.06.19_\(18\) | |
| Wago 750-8211 | ||
| Wago 750-8212 Firmware | <03.06.19_\(18\) | |
| Wago 750-8212 | ||
| Wago 750-8213 Firmware | <03.06.19_\(18\) | |
| Wago 750-8213 | ||
| Wago 750-8214 Firmware | <03.06.19_\(18\) | |
| Wago 750-8214 | ||
| Wago 750-8216 Firmware | <03.06.19_\(18\) | |
| Wago 750-8216 | ||
| Wago 750-8217 Firmware | <03.06.19_\(18\) | |
| Wago 750-8217 |
Remedy
WAGO recommends all effected users with CODESYS 2.3 Runtime PLCs to update to the firmware versions listed at https://cert.vde.com/en-us/advisories/vde-2021-014 in the solution paragraph.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-21001.
What is the severity of CVE-2021-21001?
The severity of CVE-2021-21001 is critical with a severity value of 6.5.
Which devices are affected by CVE-2021-21001?
WAGO PFC200 devices in different firmware versions are affected by CVE-2021-21001.
How can an attacker exploit CVE-2021-21001?
An authorized attacker with network access to the WAGO PFC200 device can exploit CVE-2021-21001 by using specially crafted packets to access the file system with higher privileges.
Is there a fix available for CVE-2021-21001?
It is recommended to update the firmware of the WAGO PFC200 device to a version that is not vulnerable to CVE-2021-21001.
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- vendor/wago
- canonical/wago 750-823 firmware
- version/wago 750-823 firmware/fw07
- canonical/wago 750-823
- canonical/wago 750-829 firmware
- version/wago 750-829 firmware/fw14
- canonical/wago 750-829
- canonical/wago 750-831 firmware
- version/wago 750-831 firmware/fw14
- canonical/wago 750-831
- canonical/wago 750-832 firmware
- version/wago 750-832 firmware/fw06
- canonical/wago 750-832
- canonical/wago 750-852 firmware
- version/wago 750-852 firmware/fw14
- canonical/wago 750-852
- canonical/wago 750-862 firmware
- version/wago 750-862 firmware/fw07
- canonical/wago 750-862
- canonical/wago 750-880 firmware
- version/wago 750-880 firmware/fw15
- canonical/wago 750-880
- canonical/wago 750-881 firmware
- version/wago 750-881 firmware/fw14
- canonical/wago 750-881
- canonical/wago 750-882 firmware
- version/wago 750-882 firmware/fw14
- canonical/wago 750-882
- canonical/wago 750-885 firmware
- version/wago 750-885 firmware/fw14
- canonical/wago 750-885
- canonical/wago 750-889 firmware
- version/wago 750-889 firmware/fw14
- canonical/wago 750-889
- canonical/wago 750-890 firmware
- version/wago 750-890 firmware/fw07
- canonical/wago 750-890
- canonical/wago 750-891 firmware
- version/wago 750-891 firmware/fw07
- canonical/wago 750-891
- canonical/wago 750-893 firmware
- version/wago 750-893 firmware/fw07
- canonical/wago 750-893
- canonical/wago 750-8202 firmware
- canonical/wago 750-8202
- canonical/wago 750-8203 firmware
- canonical/wago 750-8203
- canonical/wago 750-8204 firmware
- canonical/wago 750-8204
- canonical/wago 750-8206 firmware
- canonical/wago 750-8206
- canonical/wago 750-8207 firmware
- canonical/wago 750-8207
- canonical/wago 750-8208 firmware
- canonical/wago 750-8208
- canonical/wago 750-8210 firmware
- canonical/wago 750-8210
- canonical/wago 750-8211 firmware
- canonical/wago 750-8211
- canonical/wago 750-8212 firmware
- canonical/wago 750-8212
- canonical/wago 750-8213 firmware
- canonical/wago 750-8213
- canonical/wago 750-8214 firmware
- canonical/wago 750-8214
- canonical/wago 750-8216 firmware
- canonical/wago 750-8216
- canonical/wago 750-8217 firmware
- canonical/wago 750-8217