WAGO: PFC200 Denial of Service due to the number of connections to the runtime
CVE-2021-21000

5.3MEDIUM

Key Information:

Vendor: Wago
Status: Series Pfc200 Controller; Series Ethernet Controller
Vendor: CVE Published:; 24 May 2021

Summary

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

Affected Version(s)

Series Ethernet Controller 750-8202/xxx-xxx < 03.06.19 (18)

Series Ethernet Controller 750-8203/xxx-xxx < 03.06.19 (18)

Series Ethernet Controller 750-8204/xxx-xxx < 03.06.19 (18)

References

https://cert.vde.com/en-us/advisories/vde-2021-014

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2021
Vulnerability Reserved
Dec 17, 2020

Credit

These vulnerabilities were reported by JSC Positive Technologies (Vyacheslav Moskvin, Anton Dorfman, Sergey Fedonin, Ivan Kurnakov, Denis Goryushev). Coordination done by CERT@VDE.