CVE-2021-21001

Name: CVE-2021-21001
Creator: NVD / NIST
Published: 2021-05-24T11:15:07.98+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 1.13%

Last modified Jun 17, 2026

CVE-2021-21001 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.. EPSS estimates a 1.13% chance of exploitation in the next 30 days.

Description

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

1.13%

62.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Wago	750-823 Firmware	< fw08
Wago	750-829 Firmware	< fw15
Wago	750-831 Firmware	< fw15
Wago	750-832 Firmware	< fw08
Wago	750-852 Firmware	< fw15
Wago	750-862 Firmware	< fw08
Wago	750-880 Firmware	< fw16
Wago	750-881 Firmware	< fw15
Wago	750-882 Firmware	< fw15
Wago	750-885 Firmware	< fw15
Wago	750-889 Firmware	< fw15
Wago	750-890 Firmware	< fw08
Wago	750-891 Firmware	< fw08
Wago	750-893 Firmware	< fw08
Wago	750-8202 Firmware	< 03.06.19_\(18\)
Wago	750-8203 Firmware	< 03.06.19_\(18\)
Wago	750-8204 Firmware	< 03.06.19_\(18\)
Wago	750-8206 Firmware	< 03.06.19_\(18\)
Wago	750-8207 Firmware	< 03.06.19_\(18\)
Wago	750-8208 Firmware	< 03.06.19_\(18\)
Wago	750-8210 Firmware	< 03.06.19_\(18\)
Wago	750-8211 Firmware	< 03.06.19_\(18\)
Wago	750-8212 Firmware	< 03.06.19_\(18\)
Wago	750-8213 Firmware	< 03.06.19_\(18\)
Wago	750-8214 Firmware	< 03.06.19_\(18\)
Wago	750-8216 Firmware	< 03.06.19_\(18\)
Wago	750-8217 Firmware	< 03.06.19_\(18\)

References

https://cert.vde.com/en-us/advisories/vde-2021-014Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2021-014Third Party Advisory

Timeline

Published: May 24, 2021
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2021-21001?

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

How severe is CVE-2021-21001?

CVE-2021-21001 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 1.13% probability of exploitation in the next 30 days.

How do I fix CVE-2021-21001?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-21001?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST