Vulnerabilities > Wago
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-26 | CVE-2023-1620 | Unspecified vulnerability in Wago products Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. | 4.9 |
| 2023-02-16 | CVE-2022-3843 | Unspecified vulnerability in Wago 852-111/000-001 Firmware 01 In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters. | 9.1 |
| 2023-01-19 | CVE-2022-3738 | Unspecified vulnerability in Wago products The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. | 5.9 |
| 2022-12-26 | CVE-2020-12069 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. | 7.8 |
| 2022-03-09 | CVE-2022-22511 | Unspecified vulnerability in Wago products Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. | 5.4 |
| 2021-08-31 | CVE-2021-34578 | Unspecified vulnerability in Wago products This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. | 8.1 |
| 2021-08-31 | CVE-2021-34581 | Missing Release of Resource after Effective Lifetime vulnerability in Wago products Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device. | 7.5 |
| 2021-05-24 | CVE-2021-21000 | Allocation of Resources Without Limits or Throttling vulnerability in Wago products On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. | 7.5 |
| 2021-05-24 | CVE-2021-21001 | Path Traversal vulnerability in Wago products On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. | 6.5 |
| 2021-05-13 | CVE-2021-20993 | Information Exposure vulnerability in Wago products In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. | 5.3 |