CVE-2021-34581

CWE-7723 documents3 sources

Severity

7.5HIGH

EPSS

1.7%

top 17.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago 750-831\/000-002 Firmware Wago 750-831 Firmware Wago 750-880\/025-000 Firmware +6 more

Timeline

PublishedAug 31

Latest updateMay 24

Description

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶NVDwago/750-831_firmwarefw4 — fw15

▶NVDwago/750-880_firmwarefw4 — fw15

▶NVDwago/750-881_firmwarefw4 — fw15

▶NVDwago/750-889_firmwarefw4 — fw15

▶NVDwago/750-831\/000-002_firmwarefw4 — fw15

🔴Vulnerability Details

GHSA

GHSA-v448-m2g5-fm7c: Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-88↗2022-05-24

▶

CVEList

WAGO: Denial of Service vulnerability inside the OpenSSL implementation↗2021-08-31

▶