WAGO: PFC200 Access to files outside the home directory
CVE-2021-21001

6.5MEDIUM

Key Information:

Vendor: Wago
Status: Series Pfc200 Controller; Series Ethernet Controller
Vendor: CVE Published:; 24 May 2021

What is CVE-2021-21001?

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

Affected Version(s)

Series Ethernet Controller 750-8202/xxx-xxx < 03.06.19 (18)

Series Ethernet Controller 750-8203/xxx-xxx < 03.06.19 (18)

Series Ethernet Controller 750-8204/xxx-xxx < 03.06.19 (18)

References

https://cert.vde.com/en-us/advisories/vde-2021-014

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2021
Vulnerability Reserved
Dec 17, 2020

Credit

These vulnerabilities were reported by JSC Positive Technologies (Vyacheslav Moskvin, Anton Dorfman, Sergey Fedonin, Ivan Kurnakov, Denis Goryushev). Coordination done by CERT@VDE.