Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-52PM-RCH7-VFC5
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2025-08-15 21:31
VLAI?
Details
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2021-21001"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-24T11:15:00Z",
"severity": "MODERATE"
},
"details": "On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.",
"id": "GHSA-52pm-rch7-vfc5",
"modified": "2025-08-15T21:31:12Z",
"published": "2022-05-24T19:03:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21001"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-014"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
CVE-2021-21001 (GCVE-0-2021-21001)
Vulnerability from cvelistv5 – Published: 2021-05-24 11:05 – Updated: 2024-09-16 16:19
VLAI?
EPSS
Summary
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
Severity ?
9.1 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WAGO | Series PFC200 Controller |
Affected:
750-823 , ≤ FW07
(custom)
Affected: 750-829 , ≤ FW14 (custom) Affected: 750-831/000-00x , ≤ FW14 (custom) Affected: 750-832/000-00x , ≤ FW06 (custom) Affected: 750-852 , ≤ FW14 (custom) Affected: 750-862 , ≤ FW07 (custom) Affected: 750-880/0xx-xxx , ≤ FW15 (custom) Affected: 750-881 , ≤ FW14 (custom) Affected: 750-882 , ≤ FW14 (custom) Affected: 750-885/0xx-xxx , ≤ FW14 (custom) Affected: 750-889 , ≤ FW14 (custom) Affected: 750-890/0xx-xxx , ≤ FW07 (custom) Affected: 750-891 , ≤ FW07 (custom) Affected: 750-893 , ≤ FW07 (custom) |
|||||||
|
|||||||||
Credits
These vulnerabilities were reported by JSC Positive Technologies (Vyacheslav Moskvin, Anton Dorfman, Sergey Fedonin, Ivan Kurnakov, Denis Goryushev). Coordination done by CERT@VDE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Series PFC200 Controller",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-823",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-829",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-831/000-00x",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW06",
"status": "affected",
"version": "750-832/000-00x",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-852",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-862",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW15",
"status": "affected",
"version": "750-880/0xx-xxx",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-881",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-882",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-885/0xx-xxx",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW14",
"status": "affected",
"version": "750-889",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-890/0xx-xxx",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-891",
"versionType": "custom"
},
{
"lessThanOrEqual": "FW07",
"status": "affected",
"version": "750-893",
"versionType": "custom"
}
]
},
{
"product": "Series Ethernet Controller",
"vendor": "WAGO",
"versions": [
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8202/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8203/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8204/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8206/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8207/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8208/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8210/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8211/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8212/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8213/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8214/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8216/xxx-xxx",
"versionType": "custom"
},
{
"lessThan": "03.06.19 (18)",
"status": "affected",
"version": "750-8217/xxx-xxx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "These vulnerabilities were reported by JSC Positive Technologies (Vyacheslav Moskvin, Anton Dorfman, Sergey Fedonin, Ivan Kurnakov, Denis Goryushev). Coordination done by CERT@VDE."
}
],
"datePublic": "2021-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T11:05:06",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-014"
}
],
"solutions": [
{
"lang": "en",
"value": "WAGO recommends all effected users with CODESYS 2.3 Runtime PLCs to update to the firmware versions listed at https://cert.vde.com/en-us/advisories/vde-2021-014 in the solution paragraph."
}
],
"source": {
"advisory": "VDE-2021-014",
"defect": [
"VDE-2021-014"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: PFC200 Access to files outside the home directory",
"workarounds": [
{
"lang": "en",
"value": "Use general security best practices to protect systems from local and network attacks.\nDo not allow direct access to the device from untrusted networks.\nUpdate to the latest firmware according to the table in chapter solutions."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-05-20T10:00:00.000Z",
"ID": "CVE-2021-21001",
"STATE": "PUBLIC",
"TITLE": "WAGO: PFC200 Access to files outside the home directory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Series PFC200 Controller",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "750-823",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-829",
"version_value": "FW14"
},
{
"version_affected": "\u003c=",
"version_name": "750-831/000-00x",
"version_value": "FW14"
},
{
"version_affected": "\u003c=",
"version_name": "750-832/000-00x",
"version_value": "FW06"
},
{
"version_affected": "\u003c=",
"version_name": "750-852",
"version_value": "FW14"
},
{
"version_affected": "\u003c=",
"version_name": "750-862",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-880/0xx-xxx",
"version_value": "FW15"
},
{
"version_affected": "\u003c=",
"version_name": "750-881",
"version_value": "FW14"
},
{
"version_affected": "\u003c=",
"version_name": "750-882",
"version_value": "FW14"
},
{
"version_affected": "\u003c=",
"version_name": "750-885/0xx-xxx",
"version_value": "FW14"
},
{
"version_affected": "\u003c=",
"version_name": "750-889",
"version_value": "FW14"
},
{
"version_affected": "\u003c=",
"version_name": "750-890/0xx-xxx",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-891",
"version_value": "FW07"
},
{
"version_affected": "\u003c=",
"version_name": "750-893",
"version_value": "FW07"
}
]
}
},
{
"product_name": "Series Ethernet Controller",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "750-8202/xxx-xxx",
"version_value": "03.06.19 (18)"
},
{
"version_affected": "\u003c",
"version_name": "750-8203/xxx-xxx",
"version_value": "03.06.19 (18)"
},
{
"version_affected": "\u003c",
"version_name": "750-8204/xxx-xxx",
"version_value": "03.06.19 (18)"
},
{
"version_affected": "\u003c",
"version_name": "750-8206/xxx-xxx",
"version_value": "03.06.19 (18)"
},
{
"version_affected": "\u003c",
"version_name": "750-8207/xxx-xxx",
"version_value": "03.06.19 (18)"
},
{
"version_affected": "\u003c",
"version_name": "750-8208/xxx-xxx",
"version_value": "03.06.19 (18)"
},
{
"version_affected": "\u003c",
"version_name": "750-8210/xxx-xxx",
"version_value": "03.06.19 (18)"
},
{
"version_affected": "\u003c",
"version_name": "750-8211/xxx-xxx",
"version_value": "03.06.19 (18)"
},
{
"version_affected": "\u003c",
"version_name": "750-8212/xxx-xxx",
"version_value": "03.06.19 (18)"
},
{
"version_affected": "\u003c",
"version_name": "750-8213/xxx-xxx",
"version_value": "03.06.19 (18)"
},
{
"version_affected": "\u003c",
"version_name": "750-8214/xxx-xxx",
"version_value": "03.06.19 (18)"
},
{
"version_affected": "\u003c",
"version_name": "750-8216/xxx-xxx",
"version_value": "03.06.19 (18)"
},
{
"version_affected": "\u003c",
"version_name": "750-8217/xxx-xxx",
"version_value": "03.06.19 (18)"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "These vulnerabilities were reported by JSC Positive Technologies (Vyacheslav Moskvin, Anton Dorfman, Sergey Fedonin, Ivan Kurnakov, Denis Goryushev). Coordination done by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-014",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-014"
}
]
},
"solution": [
{
"lang": "en",
"value": "WAGO recommends all effected users with CODESYS 2.3 Runtime PLCs to update to the firmware versions listed at https://cert.vde.com/en-us/advisories/vde-2021-014 in the solution paragraph."
}
],
"source": {
"advisory": "VDE-2021-014",
"defect": [
"VDE-2021-014"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use general security best practices to protect systems from local and network attacks.\nDo not allow direct access to the device from untrusted networks.\nUpdate to the latest firmware according to the table in chapter solutions."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-21001",
"datePublished": "2021-05-24T11:05:06.147811Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T16:19:02.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…