Cyber Resilience

CVE-2021-21001

Critical

Published: 24 May 2021

Published
24 May 2021
Modified
15 August 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0024 47.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-21001 is a critical-severity Path Traversal (CWE-22) vulnerability in Wago 750-823 Firmware. Its CVSS base score is 9.1 (Critical).

Operationally, ranked at the 47.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

wago
750-823 firmware
≤ fw08
wago
750-829 firmware
≤ fw15
wago
750-831 firmware
≤ fw15
wago
750-832 firmware
≤ fw08
wago
750-852 firmware
≤ fw15
wago
750-862 firmware
≤ fw08
wago
750-880 firmware
≤ fw16
wago
750-881 firmware
≤ fw15
wago
750-882 firmware
≤ fw15
wago
750-885 firmware
≤ fw15
+17 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References