CVE-2021-34581 - Vulnerability Details - OpenCVE

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wago	750-831 750-831\/000-002 750-831\/000-002 Firmware 750-831 Firmware 750-880 750-880\/025-000 750-880\/025-000 Firmware 750-880\/025-001 750-880\/025-001 Firmware 750-880\/025-002 750-880\/025-002 Firmware 750-880\/040-000 750-880\/040-000 Firmware 750-880 Firmware 750-881 750-881 Firmware 750-889 750-889 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:wago:750-880\/040-000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-880\/040-000:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:wago:750-880\/025-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-880\/025-002:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:wago:750-880\/025-001_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-880\/025-001:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:wago:750-880\/025-000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-880\/025-000:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:wago:750-831\/000-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-831\/000-002:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.vde.com/en-us/advisories/vde-2021-038

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-08-31T10:33:02.999010Z

Updated: 2024-09-17T00:42:35.318Z

Reserved: 2021-06-10T00:00:00

Link: CVE-2021-34581

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-08-31T11:15:07.830

Modified: 2024-11-21T06:10:44.833

Link: CVE-2021-34581

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889", "vendor": "WAGO", "versions": [{"lessThan": "All*", "status": "affected", "version": "FW4", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "These vulnerabilities were reported to WAGO by: Uwe Disch. Coordination done by CERT@VDE"}], "datePublic": "2021-08-31T00:00:00", "descriptions": [{"lang": "en", "value": "Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-772", "description": "CWE-772 Missing Release of Resource after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-31T10:33:02", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-038"}], "solutions": [{"lang": "en", "value": "Update the device to the latest FW version ( >FW15 )."}], "source": {"advisory": "VDE-2021-038", "discovery": "EXTERNAL"}, "title": "WAGO: Denial of Service vulnerability inside the OpenSSL implementation", "workarounds": [{"lang": "en", "value": "Restrict network access to the device.\nDo not directly connect the device to the internet\nDisable unused TCP/UDP-ports\nDisable Web Based Management ports 80/443 after configuration phase."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-08-31T07:00:00.000Z", "ID": "CVE-2021-34581", "STATE": "PUBLIC", "TITLE": "WAGO: Denial of Service vulnerability inside the OpenSSL implementation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889", "version": {"version_data": [{"version_affected": ">=", "version_name": "All", "version_value": "FW4"}, {"version_affected": "<=", "version_name": "All", "version_value": "FW15 +1"}]}}]}, "vendor_name": "WAGO"}]}}, "credit": [{"lang": "eng", "value": "These vulnerabilities were reported to WAGO by: Uwe Disch. Coordination done by CERT@VDE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-772 Missing Release of Resource after Effective Lifetime"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en-us/advisories/vde-2021-038", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2021-038"}]}, "solution": [{"lang": "en", "value": "Update the device to the latest FW version ( >FW15 )."}], "source": {"advisory": "VDE-2021-038", "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Restrict network access to the device.\nDo not directly connect the device to the internet\nDisable unused TCP/UDP-ports\nDisable Web Based Management ports 80/443 after configuration phase."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:19:46.962Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-038"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34581", "datePublished": "2021-08-31T10:33:02.999010Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-17T00:42:35.318Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-880\\/040-000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "64E837A4-57BE-40EB-8A56-B0BB206FE18F", "versionEndIncluding": "fw15", "versionStartIncluding": "fw4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-880\\/040-000:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC027AEF-12BD-45CF-969B-9336F57E104E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-880\\/025-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "919AC39F-D02D-49C0-90D6-F5230C61A7D6", "versionEndIncluding": "fw15", "versionStartIncluding": "fw4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-880\\/025-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1C30C82-1A6F-42F3-92CA-D1F0BD6DB628", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-880\\/025-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79B295FB-FFCF-459B-9486-3727471654B1", "versionEndIncluding": "fw15", "versionStartIncluding": "fw4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-880\\/025-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5BF7980-8B31-45AF-869D-531801B98BFD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-880\\/025-000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "00D72029-8484-452B-B1CD-D0524D531B10", "versionEndIncluding": "fw15", "versionStartIncluding": "fw4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-880\\/025-000:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2F43C2B-AA5E-4C09-9459-05273061CCB0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-831\\/000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "81AECA1A-207F-4286-B39C-E75F6E047AE8", "versionEndIncluding": "fw15", "versionStartIncluding": "fw4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-831\\/000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CB5953A-51A5-4A60-A066-4280066B968B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEA48F1D-170A-48A4-B599-548209CA005E", "versionEndIncluding": "fw15", "versionStartIncluding": "fw4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*", "matchCriteriaId": "57919AAB-2962-4543-810A-C143300351F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "66314186-5478-4DFD-B08D-6FC2B85A6986", "versionEndIncluding": "fw15", "versionStartIncluding": "fw4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FE51647-62C1-4D3C-91FA-13ACA6CD71D2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AE56B51-58E5-4C2F-9DD8-21DC72274C0E", "versionEndIncluding": "fw15", "versionStartIncluding": "fw4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0631884-FF6F-4AA9-9D76-CDECB5A738FC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD8DD66C-05AA-4E92-9B0C-A2732DAB3A21", "versionEndIncluding": "fw15", "versionStartIncluding": "fw4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFEAC4D9-15CF-44B8-844D-C012AA4637A2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device."}, {"lang": "es", "value": "Una vulnerabilidad de Falta de Liberaci\u00f3n de Recursos despu\u00e9s del Tiempo de Vida Efectivo en la implementaci\u00f3n de OpenSSL de WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 en versiones FW4 hasta FW15, permite a un atacante no autenticado causar DoS en el dispositivo"}], "id": "CVE-2021-34581", "lastModified": "2024-11-21T06:10:44.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-31T11:15:07.830", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-038"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "info@cert.vde.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}