Details of VAR-202105-0535

ID

VAR-202105-0535

CVE

CVE-2021-21000

TITLE

plural WAGO Vulnerability in product allocation of resource allocation without limitation or throttling on devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-007238

DESCRIPTION

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. plural WAGO Product devices contain vulnerabilities in resource allocation without restrictions or throttling.Denial of service (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2021-21000 // JVNDB: JVNDB-2021-007238 // VULMON: CVE-2021-21000

AFFECTED PRODUCTS

vendor:	wago	model:	750-8216	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-889	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-8207	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-8211	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-862	scope:	lte	version:	fw07	Trust: 1.0
vendor:	wago	model:	750-832	scope:	lte	version:	fw06	Trust: 1.0
vendor:	wago	model:	750-8213	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-881	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-831	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-882	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-893	scope:	lte	version:	fw07	Trust: 1.0
vendor:	wago	model:	750-852	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-8203	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-8206	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-885	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-8210	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-890	scope:	lte	version:	fw07	Trust: 1.0
vendor:	wago	model:	750-8214	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-829	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-8202	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-823	scope:	lte	version:	fw07	Trust: 1.0
vendor:	wago	model:	750-8208	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-880	scope:	lte	version:	fw15	Trust: 1.0
vendor:	wago	model:	750-8212	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-8217	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-8204	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-891	scope:	lte	version:	fw07	Trust: 1.0
vendor:	ワゴジャパン株式会社	model:	750-885	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-823	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-882	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-881	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-831	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-829	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-862	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-832	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-880	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-852	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007238 // NVD: CVE-2021-21000

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21000
value:	HIGH
Trust: 1.0
info@cert.vde.com:	CVE-2021-21000
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-21000
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202105-1455
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-21000
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-21000
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
info@cert.vde.com:	CVE-2021-21000
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21000
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-007238 // CNNVD: CNNVD-202105-1455 // NVD: CVE-2021-21000 // NVD: CVE-2021-21000

PROBLEMTYPE DATA

problemtype:	CWE-770	Trust: 1.0
problemtype:	Allocation of resources without limits or throttling (CWE-770) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007238 // NVD: CVE-2021-21000

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1455

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202105-1455

PATCH

title:	Top Page	url:	https://www.wago.com/us/	Trust: 0.8
title:	WAGO Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152368	Trust: 0.6

sources: JVNDB: JVNDB-2021-007238 // CNNVD: CNNVD-202105-1455

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21000	Trust: 3.3
db:	CERT@VDE	id:	VDE-2021-014	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-007238	Trust: 0.8
db:	CNNVD	id:	CNNVD-202105-1455	Trust: 0.6
db:	VULMON	id:	CVE-2021-21000	Trust: 0.1

sources: VULMON: CVE-2021-21000 // JVNDB: JVNDB-2021-007238 // CNNVD: CNNVD-202105-1455 // NVD: CVE-2021-21000

REFERENCES

url:	https://cert.vde.com/en-us/advisories/vde-2021-014	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21000	Trust: 0.8
url:	https://cert.vde.com/en/advisories/vde-2021-014/	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-21000 // JVNDB: JVNDB-2021-007238 // CNNVD: CNNVD-202105-1455 // NVD: CVE-2021-21000

SOURCES

db:	VULMON	id:	CVE-2021-21000
db:	JVNDB	id:	JVNDB-2021-007238
db:	CNNVD	id:	CNNVD-202105-1455
db:	NVD	id:	CVE-2021-21000

LAST UPDATE DATE

2024-08-14T15:38:03.197000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-21000	date:	2021-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-007238	date:	2022-02-07T02:26:00
db:	CNNVD	id:	CNNVD-202105-1455	date:	2021-05-31T00:00:00
db:	NVD	id:	CVE-2021-21000	date:	2021-05-28T15:11:31.460

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-21000	date:	2021-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-007238	date:	2022-02-07T00:00:00
db:	CNNVD	id:	CNNVD-202105-1455	date:	2021-05-24T00:00:00
db:	NVD	id:	CVE-2021-21000	date:	2021-05-24T11:15:07.917