| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. |
| On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. |
| CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. |
| A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. |
| WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. |
| WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter. |
| In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. |
| In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. |
| In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. |
| In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read. |
| In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. |
| WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. |
| WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. |
| An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. |
| WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session. |
| The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. |
| The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.
|
| In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.
|
| The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. |
| A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality. |
