CVE-2021-34569

Summary

In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.

Affected Software

VendorProductVersion RangeStatus
WAGO750-81xx/xxx-xxxFWFW1 <= FW18 Patch 2affected
WAGO750-82xx/xxx-xxxFW1 <= FW18 Patch 2affected
WAGO752-8303/8000-0002FW1 <= FW18 Patch 2affected
WAGO762-4xxxFW1 <= FW18 Patch 2affected
WAGO762-5xxxFW1 <= FW18 Patch 2affected
WAGO762-6xxxFW1 <= FW18 Patch 2affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References