Details of VAR-202105-0536

ID

VAR-202105-0536

CVE

CVE-2021-21001

TITLE

WAGO path traversal vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-40851 // CNNVD: CNNVD-202105-1457

DESCRIPTION

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. plural WAGO A past traversal vulnerability exists in the device of the product.Information may be obtained. WAGO is a 750-88x series programmable logic controller from WAGO. The device is a digital operation electronic system designed specifically for applications in an industrial environment

Trust: 2.25

sources: NVD: CVE-2021-21001 // JVNDB: JVNDB-2021-007239 // CNVD: CNVD-2021-40851 // VULMON: CVE-2021-21001

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-40851

AFFECTED PRODUCTS

vendor:	wago	model:	750-8216	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-889	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-8207	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-8211	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-862	scope:	lte	version:	fw07	Trust: 1.0
vendor:	wago	model:	750-832	scope:	lte	version:	fw06	Trust: 1.0
vendor:	wago	model:	750-8213	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-881	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-831	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-882	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-893	scope:	lte	version:	fw07	Trust: 1.0
vendor:	wago	model:	750-852	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-8203	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-8206	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-885	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-8210	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-890	scope:	lte	version:	fw07	Trust: 1.0
vendor:	wago	model:	750-8214	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-829	scope:	lte	version:	fw14	Trust: 1.0
vendor:	wago	model:	750-8202	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-823	scope:	lte	version:	fw07	Trust: 1.0
vendor:	wago	model:	750-8208	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-880	scope:	lte	version:	fw15	Trust: 1.0
vendor:	wago	model:	750-8212	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-8217	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-8204	scope:	lt	version:	03.06.19_\(18\)	Trust: 1.0
vendor:	wago	model:	750-891	scope:	lte	version:	fw07	Trust: 1.0
vendor:	ワゴジャパン株式会社	model:	750-885	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-823	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-882	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-881	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-831	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-829	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-862	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-832	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-880	scope:	-	version:	-	Trust: 0.8
vendor:	ワゴジャパン株式会社	model:	750-852	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	750-823 >=fw07	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-823	Trust: 0.6
vendor:	wago	model:	750-829 >=fw14	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-829	Trust: 0.6
vendor:	wago	model:	750-831 >=fw14	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-831	Trust: 0.6
vendor:	wago	model:	750-832 >=fw06	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-832	Trust: 0.6
vendor:	wago	model:	750-852 >=fw14	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-852	Trust: 0.6
vendor:	wago	model:	750-862 >=fw07	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-862	Trust: 0.6
vendor:	wago	model:	750-880 >=fw15	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-880	Trust: 0.6
vendor:	wago	model:	750-881 >=fw14	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-881	Trust: 0.6
vendor:	wago	model:	750-882 >=fw14	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-882	Trust: 0.6
vendor:	wago	model:	750-885 >=fw14	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-885	Trust: 0.6
vendor:	wago	model:	750-889 >=fw14	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-889	Trust: 0.6
vendor:	wago	model:	750-890 >=fw07	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-890	Trust: 0.6
vendor:	wago	model:	750-891 >=fw07	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-891	Trust: 0.6
vendor:	wago	model:	750-893 >=fw07	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-893	Trust: 0.6
vendor:	wago	model:	750-8202 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8202	Trust: 0.6
vendor:	wago	model:	750-8203 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8203	Trust: 0.6
vendor:	wago	model:	750-8204 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8204	Trust: 0.6
vendor:	wago	model:	750-8206 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8206	Trust: 0.6
vendor:	wago	model:	750-8207 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8207	Trust: 0.6
vendor:	wago	model:	750-8208 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8208	Trust: 0.6
vendor:	wago	model:	750-8210 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8210	Trust: 0.6
vendor:	wago	model:	750-8211 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8211	Trust: 0.6
vendor:	wago	model:	750-8212 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8212	Trust: 0.6
vendor:	wago	model:	750-8213 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8213	Trust: 0.6
vendor:	wago	model:	750-8214 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8214	Trust: 0.6
vendor:	wago	model:	750-8216 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8216	Trust: 0.6
vendor:	wago	model:	750-8217 >=03.06.19	scope:	-	version:	-	Trust: 0.6
vendor:	wago	model:	-	scope:	eq	version:	750-8217	Trust: 0.6

sources: CNVD: CNVD-2021-40851 // JVNDB: JVNDB-2021-007239 // NVD: CVE-2021-21001

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21001
value:	MEDIUM
Trust: 1.0
info@cert.vde.com:	CVE-2021-21001
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-21001
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-40851
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1457
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-21001
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-40851
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-21001
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
info@cert.vde.com:	CVE-2021-21001
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.3
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21001
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-40851 // JVNDB: JVNDB-2021-007239 // CNNVD: CNNVD-202105-1457 // NVD: CVE-2021-21001 // NVD: CVE-2021-21001

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007239 // NVD: CVE-2021-21001

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1457

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202105-1457

PATCH

title:	Top Page	url:	https://www.wago.com/us/	Trust: 0.8
title:	Patch for WAGO path traversal vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/271846	Trust: 0.6
title:	WAGO Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152370	Trust: 0.6

sources: CNVD: CNVD-2021-40851 // JVNDB: JVNDB-2021-007239 // CNNVD: CNNVD-202105-1457

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21001	Trust: 3.9
db:	CERT@VDE	id:	VDE-2021-014	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-007239	Trust: 0.8
db:	CNVD	id:	CNVD-2021-40851	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1457	Trust: 0.6
db:	VULMON	id:	CVE-2021-21001	Trust: 0.1

sources: CNVD: CNVD-2021-40851 // VULMON: CVE-2021-21001 // JVNDB: JVNDB-2021-007239 // CNNVD: CNNVD-202105-1457 // NVD: CVE-2021-21001

REFERENCES

url:	https://cert.vde.com/en-us/advisories/vde-2021-014	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21001	Trust: 1.4
url:	https://cert.vde.com/en/advisories/vde-2021-014/	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-40851 // VULMON: CVE-2021-21001 // JVNDB: JVNDB-2021-007239 // CNNVD: CNNVD-202105-1457 // NVD: CVE-2021-21001

SOURCES

db:	CNVD	id:	CNVD-2021-40851
db:	VULMON	id:	CVE-2021-21001
db:	JVNDB	id:	JVNDB-2021-007239
db:	CNNVD	id:	CNNVD-202105-1457
db:	NVD	id:	CVE-2021-21001

LAST UPDATE DATE

2024-08-14T15:38:03.166000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-40851	date:	2021-06-10T00:00:00
db:	VULMON	id:	CVE-2021-21001	date:	2021-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-007239	date:	2022-02-07T02:27:00
db:	CNNVD	id:	CNNVD-202105-1457	date:	2021-05-31T00:00:00
db:	NVD	id:	CVE-2021-21001	date:	2021-05-28T15:10:14.890

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-40851	date:	2021-06-10T00:00:00
db:	VULMON	id:	CVE-2021-21001	date:	2021-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-007239	date:	2022-02-07T00:00:00
db:	CNNVD	id:	CNNVD-202105-1457	date:	2021-05-24T00:00:00
db:	NVD	id:	CVE-2021-21001	date:	2021-05-24T11:15:07.980