Search Results (130 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4149 1 Wago 6 0852-0602, 0852-0602 Firmware, 0852-0603 and 3 more 2024-11-21 9.8 Critical
A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management.
CVE-2023-3379 1 Wago 14 Compact Controller 100, Compact Controller 100 Firmware, Edge Controller and 11 more 2024-11-21 5.3 Medium
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
CVE-2023-1620 1 Wago 152 750-331, 750-331 Firmware, 750-8202 and 149 more 2024-11-21 4.9 Medium
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
CVE-2023-1619 1 Wago 152 750-331, 750-331 Firmware, 750-8202 and 149 more 2024-11-21 4.9 Medium
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
CVE-2022-45137 1 Wago 14 751-9301, 751-9301 Firmware, 752-8303\/8000-002 and 11 more 2024-11-21 6.1 Medium
The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.
CVE-2022-22511 1 Wago 49 750-8100, 750-8100 Firmware, 750-8101 and 46 more 2024-11-21 5.4 Medium
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
CVE-2021-34581 1 Wago 18 750-831, 750-831\/000-002, 750-831\/000-002 Firmware and 15 more 2024-11-21 7.5 High
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.
CVE-2021-34578 1 Wago 24 750-362, 750-362 Firmware, 750-363 and 21 more 2024-11-21 9.8 Critical
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
CVE-2021-20998 1 Wago 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more 2024-11-21 10 Critical
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
CVE-2021-20997 1 Wago 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more 2024-11-21 7.5 High
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.
CVE-2021-20996 1 Wago 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more 2024-11-21 5.3 Medium
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.
CVE-2021-20995 1 Wago 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more 2024-11-21 5.3 Medium
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.
CVE-2021-20994 1 Wago 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more 2024-11-21 8.8 High
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
CVE-2021-20993 1 Wago 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more 2024-11-21 5.3 Medium
In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.
CVE-2020-6090 1 Wago 2 Pfc200, Pfc200 Firmware 2024-11-21 7.2 High
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-12525 4 Emerson, Pepperl-fuchs, Wago and 1 more 19 Rosemount Transmitter Interface Software, Io-link Master 4-eip, Io-link Master 4-pnio and 16 more 2024-11-21 7.3 High
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12522 1 Wago 42 750-8101\/025-000, 750-8102\/025-000, 750-8202\/000-012 and 39 more 2024-11-21 10 Critical
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
CVE-2020-12516 1 Wago 20 750-331, 750-331 Firmware, 750-352 and 17 more 2024-11-21 7.5 High
Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
CVE-2020-12506 1 Wago 14 750-362, 750-362 Firmware, 750-363 and 11 more 2024-11-21 9.1 Critical
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.
CVE-2020-12505 1 Wago 14 750-831, 750-831 Firmware, 750-852 and 11 more 2024-11-21 8.2 High
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.