CVE-2021-34581

moderate-risk

Published 2021-08-31

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

Do I need to act?

~

1.7% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (9)

750-880\/040-000 Firmware

750-880\/025-002 Firmware

750-880\/025-001 Firmware

750-880\/025-000 Firmware

750-831\/000-002 Firmware

750-889 Firmware

750-881 Firmware

750-831 Firmware

750-880 Firmware

Affected Vendors

Wago

References (2)

Third Party Advisory https://cert.vde.com/en-us/advisories/vde-2021-038

Third Party Advisory https://cert.vde.com/en-us/advisories/vde-2021-038

45

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 4/34 · Minimal

Exposure 15/34 · Moderate