CVE-2021-21000
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | Series PFC200 Controller | 750-823 <= FW07 | affected |
| WAGO | Series PFC200 Controller | 750-829 <= FW14 | affected |
| WAGO | Series PFC200 Controller | 750-831/000-00x <= FW14 | affected |
| WAGO | Series PFC200 Controller | 750-832/000-00x <= FW06 | affected |
| WAGO | Series PFC200 Controller | 750-852 <= FW14 | affected |
| WAGO | Series PFC200 Controller | 750-862 <= FW07 | affected |
| WAGO | Series PFC200 Controller | 750-880/0xx-xxx <= FW15 | affected |
| WAGO | Series PFC200 Controller | 750-881 <= FW14 | affected |
| WAGO | Series PFC200 Controller | 750-882 <= FW14 | affected |
| WAGO | Series PFC200 Controller | 750-885/0xx-xxx <= FW14 | affected |
| WAGO | Series PFC200 Controller | 750-889 <= FW14 | affected |
| WAGO | Series PFC200 Controller | 750-890/0xx-xxx <= FW07 | affected |
| WAGO | Series PFC200 Controller | 750-891 <= FW07 | affected |
| WAGO | Series PFC200 Controller | 750-893 <= FW07 | affected |
| WAGO | Series Ethernet Controller | 750-8202/xxx-xxx < 03.06.19 (18) | affected |
| WAGO | Series Ethernet Controller | 750-8203/xxx-xxx < 03.06.19 (18) | affected |
| WAGO | Series Ethernet Controller | 750-8204/xxx-xxx < 03.06.19 (18) | affected |
| WAGO | Series Ethernet Controller | 750-8206/xxx-xxx < 03.06.19 (18) | affected |
| WAGO | Series Ethernet Controller | 750-8207/xxx-xxx < 03.06.19 (18) | affected |
| WAGO | Series Ethernet Controller | 750-8208/xxx-xxx < 03.06.19 (18) | affected |
| WAGO | Series Ethernet Controller | 750-8210/xxx-xxx < 03.06.19 (18) | affected |
| WAGO | Series Ethernet Controller | 750-8211/xxx-xxx < 03.06.19 (18) | affected |
| WAGO | Series Ethernet Controller | 750-8212/xxx-xxx < 03.06.19 (18) | affected |
| WAGO | Series Ethernet Controller | 750-8213/xxx-xxx < 03.06.19 (18) | affected |
| WAGO | Series Ethernet Controller | 750-8214/xxx-xxx < 03.06.19 (18) | affected |
| WAGO | Series Ethernet Controller | 750-8216/xxx-xxx < 03.06.19 (18) | affected |
| WAGO | Series Ethernet Controller | 750-8217/xxx-xxx < 03.06.19 (18) | affected |
Weaknesses
- CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling
Workarounds
Use general security best practices to protect systems from local and network attacks. Do not allow direct access to the device from untrusted networks. Update to the latest firmware according to the table in chapter solutions.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.