Vulnerability Details : CVE-2021-34581
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.
Vulnerability category: Denial of service
Products affected by CVE-2021-34581
- cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:wago:750-880\/040-000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:wago:750-880\/025-002_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:wago:750-880\/025-001_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:wago:750-880\/025-000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:wago:750-831\/000-002_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-34581
- 0.11%: Probability of exploitation activity in the next 30 days
- ~44%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-34581
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | CERT VDE | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2021-34581
- The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Assigned by:
- info@cert.vde.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2021-34581
- https://cert.vde.com/en-us/advisories/vde-2021-038
  WAGO: OpenSSL DoS Vulnerability in PLCs — English (USA) (Third Party Advisory)