Vulnerabilities > Wago > 752 8303 8000 002 Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-27 | CVE-2022-45140 | Missing Authentication for Critical Function vulnerability in Wago products The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. | 9.8 |
| 2023-02-27 | CVE-2022-45138 | Missing Authentication for Critical Function vulnerability in Wago products The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. | 9.8 |
| 2022-11-09 | CVE-2021-34569 | Out-of-bounds Write vulnerability in Wago products In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. | 9.8 |
| 2022-11-09 | CVE-2021-34566 | Classic Buffer Overflow vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. | 9.1 |