CVE-2021-34568

Summary

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.

Affected Software

VendorProductVersion RangeStatus
WAGO750-81xx/xxx-xxxFWFW1 <= FW18 Patch 2affected
WAGO750-82xx/xxx-xxxFW1 <= FW18 Patch 2affected
WAGO752-8303/8000-0002FW1 <= FW18 Patch 2affected
WAGO762-4xxxFW1 <= FW18 Patch 2affected
WAGO762-5xxxFW1 <= FW18 Patch 2affected
WAGO762-6xxxFW1 <= FW18 Patch 2affected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References