Skip to main content

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 24, 2021 - 11:15 nvd
HIGH 7.5

DescriptionNVD

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

AnalysisAI

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. Affected products include: Wago 750-823 Firmware, Wago 750-829 Firmware, Wago 750-831 Firmware, Wago 750-832 Firmware, Wago 750-852 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set resource limits, implement rate limiting, validate input sizes.

CVE-2021-34584 CRITICAL POC
9.1 Oct 26

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service con

CVE-2021-34586 HIGH POC
7.5 Oct 26

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the

CVE-2021-34585 HIGH POC
7.5 Oct 26

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Rated high sever

CVE-2021-34583 HIGH POC
7.5 Oct 26

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service cond

CVE-2018-16210 MEDIUM POC
6.1 Oct 12

WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP config

CVE-2021-30193 CRITICAL
9.8 May 25

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2021-30192 CRITICAL
9.8 May 25

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. Rated critical severity (CVSS 9.8),

CVE-2021-30190 CRITICAL
9.8 May 25

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerabilit

CVE-2021-30189 CRITICAL
9.8 May 25

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulner

CVE-2021-30188 CRITICAL
9.8 May 25

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. Rated critical severity (CVSS 9.8), this

CVE-2021-30194 CRITICAL
9.1 May 25

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. Rated critical severity (CVSS 9.1), this vulnerability

CVE-2020-12506 CRITICAL
9.1 Sep 30

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the se

Share

CVE-2021-21000 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy