Products

Solutions

Company

Book A Live Demo

CVE-2021-21001 Explained : Impact and Mitigation

Learn about CVE-2021-21001, a critical vulnerability in WAGO PFC200 devices allowing unauthorized access to the file system with elevated privileges. Find mitigation steps and recommendations here.

This article discusses a critical vulnerability identified as CVE-2021-21001 in WAGO PFC200 devices. An attacker with network access can exploit this vulnerability to access the file system with elevated privileges.

Understanding CVE-2021-20657

This section delves into the details of the CVE-2021-21001 vulnerability.

What is CVE-2021-20657?

The CVE-2021-21001 vulnerability affects WAGO PFC200 devices running various firmware versions. It allows an authorized attacker to gain access to the file system with higher privileges by sending specially crafted packets.

The Impact of CVE-2021-20657

The impact of this vulnerability is significant, with a base severity score of 9.1 (Critical) according to CVSS v3.1. It poses high risks to confidentiality, integrity, and availability of the affected systems.

Technical Details of CVE-2021-20657

Here are the technical specifics related to CVE-2021-21001.

Vulnerability Description

The vulnerability, categorized as CWE-22, results from improper limitation of a pathname to a restricted directory, allowing path traversal attacks on the target systems.

Affected Systems and Versions

The Series PFC200 Controller and Series Ethernet Controller from WAGO are impacted by CVE-2021-21001. Specific firmware versions and product details are provided in the advisory.

Exploitation Mechanism

This vulnerability can be exploited by sending specially crafted packets to the targeted WAGO PFC200 devices, enabling unauthorized access to the file system with elevated privileges.

Mitigation and Prevention

To mitigate the risks associated with CVE-2021-21001, follow these preventive measures.

Immediate Steps to Take

Utilize best security practices to safeguard systems from local and network-based attacks. Restrict untrusted network access to the devices and follow specific guidelines provided in the solution section.

Long-Term Security Practices

Implement a robust security posture by regularly updating systems, conducting security audits, and enhancing network security measures.

Patching and Updates

WAGO recommends affected users with CODESYS 2.3 Runtime PLCs to upgrade to the specified firmware versions available in the provided solution link.

CVE-2021-21001 Explained : Impact and Mitigation

Understanding CVE-2021-20657

What is CVE-2021-20657?

The Impact of CVE-2021-20657

Technical Details of CVE-2021-20657

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CVE-2021-21001 Explained : Impact and Mitigation

.css-lczsrn{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:24px;font-weight:700;margin-top:1rem;font-family:sans-serif;}Understanding CVE-2021-20657

.css-ru2q5j{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:1.2rem;font-weight:700;margin-top:1rem;margin-bottom:0rem;font-family:sans-serif;}What is CVE-2021-20657?

The Impact of CVE-2021-20657

Technical Details of CVE-2021-20657

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities? Find Out Now

Understanding CVE-2021-20657

What is CVE-2021-20657?

Is your System Free of Underlying Vulnerabilities?
Find Out Now