Vulnerabilities > Wago

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2022-03-09 | CVE-2022-22511 | Cross-site Scripting vulnerability in Wago products | Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. | wago CWE-79 | network, 3.5 |
| 2022-03-04 | CVE-2021-46380 | Cross-Site Request Forgery (CSRF) vulnerability in Wago 750-8212 Firmware | Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Scripting (XSS) vulnerability in WAGO 750-8212 PFC200 G2 2ETH RS leads to session hijacking. | wago CWE-352 | network, 6.8 |
| 2022-02-16 | CVE-2021-46388 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Wago 750-8212 Pfc200 G2 2Eth RS Firmware 03.05.10(17) | ** DISPUTED ** WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affected by a privilege escalation vulnerability. | wago CWE-565 | network, low complexity, critical, 9.0 |
| 2021-08-31 | CVE-2021-34578 | Improper Authentication vulnerability in Wago products | This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. | wago CWE-287 | network, 6.8 |
| 2021-08-31 | CVE-2021-34581 | Missing Release of Resource after Effective Lifetime vulnerability in Wago products | Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device. | wago CWE-772 | network, low complexity, 7.8 |
| 2021-05-24 | CVE-2021-21000 | Allocation of Resources Without Limits or Throttling vulnerability in Wago products | On WAGO PFC200 devices in different firmware versions with specially crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. | wago CWE-770 | network, low complexity, 5.0 |
| 2021-05-24 | CVE-2021-21001 | Path Traversal vulnerability in Wago products | On WAGO PFC200 devices in different firmware versions with specially crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. | wago CWE-22 | network, low complexity, 4.0 |
| 2021-05-13 | CVE-2021-20993 | Information Exposure vulnerability in Wago products | In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. | wago CWE-200 | network, low complexity, 5.0 |
| 2021-05-13 | CVE-2021-20994 | Cross-site Scripting vulnerability in Wago products | In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user into clicking a link to inject possibly malicious code into the Web-Based Management. | wago CWE-79 | network, 4.3 |
| 2021-05-13 | CVE-2021-20995 | Cleartext Storage of Sensitive Information vulnerability in Wago products | In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. | wago CWE-312 | network, low complexity, 5.0 |