CVE-2021-21000

moderate-risk

Published 2021-05-24

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

Do I need to act?

0.13% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

750-823 Firmware

750-829 Firmware

750-831 Firmware

750-832 Firmware

750-852 Firmware

750-862 Firmware

750-880 Firmware

750-881 Firmware

750-882 Firmware

750-885 Firmware

750-889 Firmware

750-890 Firmware

750-891 Firmware

750-893 Firmware

750-8202 Firmware

750-8203 Firmware

750-8204 Firmware

750-8206 Firmware

750-8207 Firmware

750-8208 Firmware

Affected Vendors

Wago

References (2)

Third Party Advisory https://cert.vde.com/en-us/advisories/vde-2021-014

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 22/34 · High