Vulnerabilities > Wago > 750 862 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-06-26 CVE-2023-1150 Missing Release of Resource after Effective Lifetime vulnerability in Wago products
Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.
network
low complexity
wago CWE-772
7.5
2023-06-26 CVE-2023-1619 Unspecified vulnerability in Wago products
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
network
low complexity
wago
4.9
2023-06-26 CVE-2023-1620 Improper Validation of Consistency within Input vulnerability in Wago products
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
network
low complexity
wago CWE-1288
4.9
2021-08-31 CVE-2021-34578 Improper Authentication vulnerability in Wago products
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
network
high complexity
wago CWE-287
8.1
2021-05-24 CVE-2021-21000 Allocation of Resources Without Limits or Throttling vulnerability in Wago products
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.
network
low complexity
wago CWE-770
7.5
2021-05-24 CVE-2021-21001 Path Traversal vulnerability in Wago products
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
network
low complexity
wago CWE-22
6.5
2020-09-30 CVE-2020-12506 Missing Authentication for Critical Function vulnerability in Wago products
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.
network
low complexity
wago CWE-306
critical
9.1