CVE-2021-21001

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 53.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago Series Ethernet Controller Wago 750-8202 Firmware Wago 750-8203 Firmware +26 more

Timeline

PublishedMay 24

Latest updateMay 24

Description

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages29 packages

▶NVDwago/750-823_firmware< fw08

▶NVDwago/750-829_firmware< fw15

▶NVDwago/750-831_firmware< fw15

▶NVDwago/750-832_firmware< fw08

▶NVDwago/750-852_firmware< fw15

🔴Vulnerability Details

GHSA

GHSA-52pm-rch7-vfc5: On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access↗2022-05-24

▶

CVEList

WAGO: PFC200 Access to files outside the home directory↗2021-05-24

▶