CVE-2021-34568

high-risk

Published 2022-11-09

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.

Do I need to act?

-

0.46% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

750-8100 Firmware

750-8100 Firmware

750-8100 Firmware

750-8100 Firmware

750-8101 Firmware

750-8101 Firmware

750-8101 Firmware

750-8101 Firmware

750-8101\/025-000 Firmware

750-8101\/025-000 Firmware

750-8101\/025-000 Firmware

750-8101\/025-000 Firmware

750-8102 Firmware

750-8102 Firmware

750-8102 Firmware

750-8102 Firmware

750-8102\/025-000 Firmware

750-8102\/025-000 Firmware

750-8102\/025-000 Firmware

750-8102\/025-000 Firmware

Affected Vendors

Wago

References (2)

Vendor Advisory https://cert.vde.com/en/advisories/VDE-2020-036/

Vendor Advisory https://cert.vde.com/en/advisories/VDE-2020-036/

61

/ 100

high-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 33/34 · Critical