Latest Wago Vulnerabilities

CVE-2023-5188
WAGO Improper Input Validation in IEC61850 Server / Telecontrol
<1.4.6.0
CVE-2023-4149
WAGO: OS Command Injection Vulnerability in Managed Switch
Wago 0852-0602 Firmware<1.0.6.s0
Wago 0852-0602
Wago 0852-0603 Firmware<1.0.6.s0
Wago 0852-0603
Wago 0852-1605 Firmware<1.2.5.s0
Wago 0852-1605
CVE-2023-3379
WAGO: Improper Privilege Management in web-based management
Wago Compact Controller 100 Firmware<=25
Wago Compact Controller 100
Wago Edge Controller Firmware<=25
Wago Edge Controller
WAGO PFC100 Firmware<22
WAGO PFC100 Firmware=22
and 14 more
CVE-2023-4089
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a ...
Wago Compact Controller 100 Firmware>=19<=26
Wago Compact Controller 100
Wago Edge Controller Firmware>=18<=26
Wago Edge Controller
WAGO PFC100 Firmware>=16<=26
WAGO PFC100
and 8 more
CVE-2023-1620
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
Wago 750-331 Firmware<fw17
Wago 750-331
Wago 750-8202 Firmware<fw22
Wago 750-8202 Firmware=fw22
WAGO 750-8202
Wago 750-8202\/000-011 Firmware<fw22
and 196 more
CVE-2023-1619
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
Wago 750-331 Firmware<fw17
Wago 750-331
Wago 750-8202 Firmware<fw22
Wago 750-8202 Firmware=fw22
WAGO 750-8202
Wago 750-8202\/000-011 Firmware<fw22
and 196 more
CVE-2023-1150
Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.
Wago 750-363\/040-000 Firmware<fw11
Wago 750-363\/040-000
Wago 750-362\/040-000 Firmware<fw11
Wago 750-362\/040-000
Wago 750-362\/000-001 Firmware<fw11
Wago 750-362\/000-001
and 30 more
CVE-2023-1698
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Serv...
Wago Compact Controller 100 Firmware>=20<=23
Wago Compact Controller 100
Wago Edge Controller Firmware=22
Wago Edge Controller
WAGO PFC100 Firmware>=20<=23
WAGO PFC100
and 8 more
CVE-2022-45137
The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality an...
Wago 751-9301 Firmware>=16<22
Wago 751-9301 Firmware=22
Wago 751-9301 Firmware=23
Wago 751-9301
Wago 752-8303\/8000-002 Firmware>=18<22
Wago 752-8303\/8000-002 Firmware=22
and 22 more
CVE-2022-45139
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead ...
Wago 751-9301 Firmware>=16<22
Wago 751-9301 Firmware=22
Wago 751-9301 Firmware=23
Wago 751-9301
Wago 752-8303\/8000-002 Firmware>=18<22
Wago 752-8303\/8000-002 Firmware=22
and 22 more
CVE-2022-45140
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromi...
Wago 751-9301 Firmware>=16<22
Wago 751-9301 Firmware=22
Wago 751-9301 Firmware=23
Wago 751-9301
Wago 752-8303\/8000-002 Firmware>=18<22
Wago 752-8303\/8000-002 Firmware=22
and 22 more
CVE-2022-45138
The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated...
Wago 751-9301 Firmware>=16<22
Wago 751-9301 Firmware=22
Wago 751-9301 Firmware=23
Wago 751-9301
Wago 752-8303\/8000-002 Firmware>=18<22
Wago 752-8303\/8000-002 Firmware=22
and 22 more
CVE-2022-3843
In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a lim...
Wago 852-111\/000-001 Firmware=01
Wago 852-111\/000-001
CVE-2022-3738
WAGO: Missing authentication for config export functionality in multiple products
WAGO PFC100 Firmware>=16<=22
WAGO PFC100
WAGO PFC200 Firmware>=16<=22
WAGO PFC200
Wago Touch Panel 600 Advanced Firmware>=16<=22
Wago Touch Panel 600 Advanced
and 8 more
CVE-2021-34569
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.
Wago 750-8100 Firmware<18
Wago 750-8100 Firmware=18
Wago 750-8100 Firmware=18-patch_1
Wago 750-8100 Firmware=18-patch_2
Wago 750-8100
Wago 750-8101 Firmware<18
and 239 more
CVE-2021-34568
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.
Wago 750-8100 Firmware<18
Wago 750-8100 Firmware=18
Wago 750-8100 Firmware=18-patch_1
Wago 750-8100 Firmware=18-patch_2
Wago 750-8100
Wago 750-8101 Firmware<18
and 239 more
CVE-2021-34567
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds...
Wago 750-8100 Firmware<18
Wago 750-8100 Firmware=18
Wago 750-8100 Firmware=18-patch_1
Wago 750-8100 Firmware=18-patch_2
Wago 750-8100
Wago 750-8101 Firmware<18
and 239 more
CVE-2021-34566
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in ...
Wago 750-8100 Firmware<18
Wago 750-8100 Firmware=18
Wago 750-8100 Firmware=18-patch_1
Wago 750-8100 Firmware=18-patch_2
Wago 750-8100
Wago 750-8101 Firmware<18
and 239 more
CVE-2022-3281
WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote...
Wago 750-8100 Firmware>=03.01.07\(13\)<=03.10.08\(22\)
Wago 750-8100
Wago 750-8101 Firmware>=03.01.07\(13\)<=03.10.08\(22\)
Wago 750-8101
Wago 750-8101\/000-010 Firmware>=03.01.07\(13\)<=03.10.08\(22\)
Wago 750-8101\/000-010
and 150 more
CVE-2022-22511
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential inform...
Wago 750-8100 Firmware>=fw16<fw22
Wago 750-8100
Wago 750-8101 Firmware>=fw16<fw22
Wago 750-8101
Wago 750-8102 Firmware>=fw16<fw22
Wago 750-8102
and 43 more
CVE-2021-34581
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthentic...
Wago 750-880\/040-000 Firmware>=fw4<=fw15
Wago 750-880\/040-000
Wago 750-880\/025-002 Firmware>=fw4<=fw15
Wago 750-880\/025-002
Wago 750-880\/025-001 Firmware>=fw4<=fw15
Wago 750-880\/025-001
and 12 more
CVE-2021-34578
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO...
Wago 750-890\/040-000 Firmware<=fw07
Wago 750-890\/040-000
Wago 750-890\/025-001 Firmware<=fw07
Wago 750-890\/025-001
Wago 750-890\/025-002 Firmware<=fw07
Wago 750-890\/025-002
and 18 more
CVE-2021-21000
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.
Wago 750-823 Firmware<=fw07
WAGO 750-823
Wago 750-829 Firmware<=fw14
Wago 750-829
Wago 750-831 Firmware<=fw14
WAGO 750-831
and 48 more
CVE-2021-21001
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
Wago 750-823 Firmware<=fw07
WAGO 750-823
Wago 750-829 Firmware<=fw14
Wago 750-829
Wago 750-831 Firmware<=fw14
WAGO 750-831
and 48 more
CVE-2021-20998
Wago 0852-0303 Firmware<=1.2.3.s0
Wago 0852-0303
Wago 0852-1305 Firmware<=1.1.7.s0
Wago 0852-1305
Wago 0852-1505 Firmware<=1.1.6.s0
Wago 0852-1505
and 4 more
CVE-2021-20996
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.
Wago 0852-0303 Firmware<=1.2.3.s0
Wago 0852-0303
Wago 0852-1305 Firmware<=1.1.7.s0
Wago 0852-1305
Wago 0852-1505 Firmware<=1.1.6.s0
Wago 0852-1505
and 4 more
CVE-2021-20995
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.
Wago 0852-0303 Firmware<=1.2.3.s0
Wago 0852-0303
Wago 0852-1305 Firmware<=1.1.7.s0
Wago 0852-1305
Wago 0852-1505 Firmware<=1.1.6.s0
Wago 0852-1505
and 4 more
CVE-2021-20997
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.
Wago 0852-0303 Firmware<=1.2.3.s0
Wago 0852-0303
Wago 0852-1305 Firmware<=1.1.7.s0
Wago 0852-1305
Wago 0852-1505 Firmware<=1.1.6.s0
Wago 0852-1505
and 4 more
CVE-2021-20993
In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.
Wago 0852-0303 Firmware<=1.2.3.s0
Wago 0852-0303
Wago 0852-1305 Firmware<=1.1.7.s0
Wago 0852-1305
Wago 0852-1505 Firmware<=1.1.6.s0
Wago 0852-1505
and 4 more
CVE-2021-20994
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
Wago 0852-0303 Firmware<=1.2.3.s0
Wago 0852-0303
Wago 0852-1305 Firmware<=1.1.7.s0
Wago 0852-1305
Wago 0852-1505 Firmware<=1.1.6.s0
Wago 0852-1505
and 4 more
CVE-2020-12525
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
Emerson Rosemount Transmitter Interface Software
Pepperl-fuchs Pactware>=5.0<=5.0.5.31
Wago Dtminspector 3
Wago Fdtcontainer Application<4.5
Wago Fdtcontainer Application>=4.5.0<=4.5.20304
Wago Fdtcontainer Application>=4.6.0<=4.6.20304
and 17 more
CVE-2020-12522
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xx...
WAGO PFC 100 Firmware<=10
Wago 750-8101\/025-000
Wago 750-8102\/025-000
WAGO PFC 200 Firmware<=10
Wago 750-8202\/000-012
Wago 750-8202\/000-022
and 36 more
CVE-2020-12516
Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
>=fw1<=fw10
>=fw1<=fw10
>=fw1<=fw10
and 14 more
CVE-2020-12506
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authe...
Wago 750-362 Firmware<=fw03
WAGO 750-362
Wago 750-363 Firmware<=fw03
WAGO 750-363
Wago 750-823 Firmware<=fw03
WAGO 750-823
and 8 more
CVE-2020-12505
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO...
Wago 750-852 Firmware<=fw07
WAGO 750-852
Wago 750-880 Firmware<=fw07
WAGO 750-880
Wago 750-881 Firmware<=fw07
WAGO 750-881
and 8 more
CVE-2020-6090
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution re...
WAGO PFC200 Firmware=03.03.10\(15\)
WAGO PFC200
CVE-2019-5184
An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can c...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5185
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger th...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5186
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger th...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5171
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5180
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a speciall...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5181
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache f...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5176
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5177
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5178
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a speciall...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5170
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a sp...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5179
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a speciall...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5169
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a sp...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5174
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200
CVE-2019-5182
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a speciall...
WAGO PFC200 Firmware=03.02.02\(14\)
WAGO PFC200

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203