CVE-2021-30187

Name: CVE-2021-30187
Creator: NVD / NIST
Published: 2021-05-25T12:15:07.913+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 0.27%

Last modified Jun 17, 2026

CVE-2021-30187 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.. EPSS estimates a 0.27% chance of exploitation in the next 30 days.

Description

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Probability

0.27%

18.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Wago	750-893 Firmware	< fw08
Wago	750-891 Firmware	< fw08
Wago	750-890 Firmware	< fw08
Wago	750-889 Firmware	< fw15
Wago	750-885 Firmware	< fw15
Wago	750-882 Firmware	< fw15
Wago	750-881 Firmware	< fw15
Wago	750-880 Firmware	< fw16
Wago	750-862 Firmware	< fw08
Wago	750-852 Firmware	< fw15
Wago	750-832 Firmware	< fw08
Wago	750-831 Firmware	< fw15
Wago	750-829 Firmware	< fw15
Wago	750-8202 Firmware	< 03.06.19_\(18\)
Wago	750-8203 Firmware	< 03.06.19_\(18\)
Wago	750-8204 Firmware	< 03.06.19_\(18\)
Wago	750-8206 Firmware	< 03.06.19_\(18\)
Wago	750-8207 Firmware	< 03.06.19_\(18\)
Wago	750-8208 Firmware	< 03.06.19_\(18\)
Wago	750-8210 Firmware	< 03.06.19_\(18\)
Wago	750-8211 Firmware	< 03.06.19_\(18\)
Wago	750-8212 Firmware	< 03.06.19_\(18\)
Wago	750-8213 Firmware	< 03.06.19_\(18\)
Wago	750-8214 Firmware	< 03.06.19_\(18\)
Wago	750-8216 Firmware	< 03.06.19_\(18\)
Wago	750-8217 Firmware	< 03.06.19_\(18\)
Codesys	Runtime Toolkit	< 2.4.7.55
Wago	750-823 Firmware	< fw08

References

https://customers.codesys.com/index.phpPermissions Required, Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14727&token=25159b0fc4355f4c6bc2e074a519a9d0cdb23fbb&download=Vendor Advisory
https://customers.codesys.com/index.phpPermissions Required, Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14727&token=25159b0fc4355f4c6bc2e074a519a9d0cdb23fbb&download=Vendor Advisory

Timeline

Published: May 25, 2021
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2021-30187?

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

How severe is CVE-2021-30187?

CVE-2021-30187 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.

How do I fix CVE-2021-30187?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-30187?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST