Latest wago pfc200 firmware Vulnerabilities

CVE-2023-3379
WAGO: Improper Privilege Management in web-based management
Wago Compact Controller 100 Firmware<=25
Wago Compact Controller 100
Wago Edge Controller Firmware<=25
Wago Edge Controller
WAGO PFC100 Firmware<22
WAGO PFC100 Firmware=22
and 14 more
CVE-2023-4089
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a ...
Wago Compact Controller 100 Firmware>=19<=26
Wago Compact Controller 100
Wago Edge Controller Firmware>=18<=26
Wago Edge Controller
WAGO PFC100 Firmware>=16<=26
WAGO PFC100
and 8 more
CVE-2022-45138
The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated...
Wago 751-9301 Firmware>=16<22
Wago 751-9301 Firmware=22
Wago 751-9301 Firmware=23
Wago 751-9301
Wago 752-8303\/8000-002 Firmware>=18<22
Wago 752-8303\/8000-002 Firmware=22
and 22 more
CVE-2022-45140
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromi...
Wago 751-9301 Firmware>=16<22
Wago 751-9301 Firmware=22
Wago 751-9301 Firmware=23
Wago 751-9301
Wago 752-8303\/8000-002 Firmware>=18<22
Wago 752-8303\/8000-002 Firmware=22
and 22 more
CVE-2022-45137
The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality an...
Wago 751-9301 Firmware>=16<22
Wago 751-9301 Firmware=22
Wago 751-9301 Firmware=23
Wago 751-9301
Wago 752-8303\/8000-002 Firmware>=18<22
Wago 752-8303\/8000-002 Firmware=22
and 22 more
CVE-2022-45139
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead ...
Wago 751-9301 Firmware>=16<22
Wago 751-9301 Firmware=22
Wago 751-9301 Firmware=23
Wago 751-9301
Wago 752-8303\/8000-002 Firmware>=18<22
Wago 752-8303\/8000-002 Firmware=22
and 22 more
CVE-2022-3738
WAGO: Missing authentication for config export functionality in multiple products
WAGO PFC100 Firmware>=16<=22
WAGO PFC100
WAGO PFC200 Firmware>=16<=22
WAGO PFC200
Wago Touch Panel 600 Advanced Firmware>=16<=22
Wago Touch Panel 600 Advanced
and 8 more
CVE-2020-6090
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution re...
WAGO PFC200 Firmware=03.03.10\(15\)
WAGO PFC200
CVE-2019-5186
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger th...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5184
An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can c...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5185
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger th...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5170
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a sp...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5180
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a speciall...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5181
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache f...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5178
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a speciall...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5176
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5177
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5169
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a sp...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5174
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5182
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a speciall...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5172
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5173
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a sp...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5168
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At ...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5161
An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file wil...
WAGO PFC200 Firmware=03.00.39\(12\)
WAGO PFC200 Firmware=03.01.07\(13\)
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5160
An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted ...
WAGO PFC200 Firmware=03.00.39\(12\)
WAGO PFC200 Firmware=03.01.07\(13\)
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5167
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is use...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC 200
CVE-2019-5166
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specif...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5157
An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS c...
WAGO PFC200 Firmware=03.00.39\(12\)
WAGO PFC200 Firmware=03.01.07\(13\)
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5155
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in t...
WAGO PFC200 Firmware=03.00.39\(12\)
WAGO PFC200 Firmware=03.01.07\(13\)
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5134
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PF...
WAGO PFC200 Firmware=03.00.39\(12\)
WAGO PFC200 Firmware=03.01.07\(13\)
WAGO PFC200
WAGO PFC100 Firmware=03.00.39\(12\)
WAGO PFC100
CVE-2019-5149
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended t...
WAGO PFC200 Firmware=03.00.39\(12\)
WAGO PFC200 Firmware=03.01.07\(13\)
WAGO PFC200
WAGO PFC100 Firmware=03.00.39\(12\)
WAGO PFC100 Firmware=03.01.07\(13\)
WAGO PFC100
CVE-2019-5156
An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating sys...
WAGO PFC200 Firmware=03.00.39\(12\)
WAGO PFC200 Firmware=03.01.07\(13\)
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5082
An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WA...
WAGO PFC200 Firmware=03.00.39\(12\)
WAGO PFC200 Firmware=03.01.07\(13\)
WAGO PFC200
WAGO PFC100 Firmware=03.00.39\(12\)
WAGO PFC100

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203