Filtered by vendor Wago
Subscriptions
Total
94 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-20995 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-09-17 | 5.3 Medium |
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. | ||||
CVE-2018-8836 | 1 Wago | 16 750-829, 750-829 Firmware, 750-831 and 13 more | 2024-09-17 | N/A |
Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools. | ||||
CVE-2021-20994 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-09-17 | 8.8 High |
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. | ||||
CVE-2021-20998 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-09-17 | 10 Critical |
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. | ||||
CVE-2021-34581 | 1 Wago | 18 750-831, 750-831\/000-002, 750-831\/000-002 Firmware and 15 more | 2024-09-17 | 7.5 High |
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device. | ||||
CVE-2022-22511 | 1 Wago | 49 750-8100, 750-8100 Firmware, 750-8101 and 46 more | 2024-09-17 | 5.4 Medium |
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised. | ||||
CVE-2020-12506 | 1 Wago | 14 750-362, 750-362 Firmware, 750-363 and 11 more | 2024-09-17 | 9.1 Critical |
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions. | ||||
CVE-2021-20997 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-09-16 | 7.5 High |
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | ||||
CVE-2021-20996 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-09-16 | 5.3 Medium |
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. | ||||
CVE-2020-12525 | 4 Emerson, Pepperl-fuchs, Wago and 1 more | 19 Rosemount Transmitter Interface Software, Io-link Master 4-eip, Io-link Master 4-pnio and 16 more | 2024-09-16 | 7.3 High |
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | ||||
CVE-2021-20993 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-09-16 | 5.3 Medium |
In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. | ||||
CVE-2022-3281 | 1 Wago | 156 750-8100, 750-8100 Firmware, 750-8101 and 153 more | 2024-09-16 | 7.5 High |
WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter. | ||||
CVE-2020-12516 | 1 Wago | 20 750-331, 750-331 Firmware, 750-352 and 17 more | 2024-09-16 | 7.5 High |
Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack. | ||||
CVE-2012-3013 | 1 Wago | 1 Wago I\/o System 758 Industrial Pc Device | 2024-09-16 | N/A |
WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session. | ||||
CVE-2021-21000 | 1 Wago | 54 750-8202, 750-8202 Firmware, 750-8203 and 51 more | 2024-09-16 | 5.3 Medium |
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. | ||||
CVE-2021-34578 | 1 Wago | 24 750-362, 750-362 Firmware, 750-363 and 21 more | 2024-09-16 | 9.8 Critical |
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. | ||||
CVE-2020-12522 | 1 Wago | 42 750-8101\/025-000, 750-8102\/025-000, 750-8202\/000-012 and 39 more | 2024-09-16 | 10 Critical |
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10. | ||||
CVE-2020-12505 | 1 Wago | 14 750-831, 750-831 Firmware, 750-852 and 11 more | 2024-09-16 | 8.2 High |
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below. | ||||
CVE-2012-4879 | 1 Wago | 1 Wago I\/o System 758 Industrial Pc Device | 2024-09-16 | N/A |
The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. | ||||
CVE-2021-21001 | 1 Wago | 54 750-8202, 750-8202 Firmware, 750-8203 and 51 more | 2024-09-16 | 9.1 Critical |
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. |