Vulnerabilities > Wago
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-13 | CVE-2021-20994 | Cross-site Scripting vulnerability in Wago products In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. | 6.1 |
| 2021-05-13 | CVE-2021-20995 | Cleartext Storage of Sensitive Information vulnerability in Wago products In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. | 7.5 |
| 2021-05-13 | CVE-2021-20996 | Incorrect Permission Assignment for Critical Resource vulnerability in Wago products In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. | 5.3 |
| 2021-05-13 | CVE-2021-20997 | Insufficiently Protected Credentials vulnerability in Wago products In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | 7.5 |
| 2021-05-13 | CVE-2021-20998 | Missing Authentication for Critical Function vulnerability in Wago products In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. | 9.8 |
| 2021-01-22 | CVE-2020-12525 | Deserialization of Untrusted Data vulnerability in multiple products M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | 7.8 |
| 2020-12-17 | CVE-2020-12522 | OS Command Injection vulnerability in Wago products The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10. | 9.8 |
| 2020-12-10 | CVE-2020-12516 | Unspecified vulnerability in Wago products Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack. | 7.5 |
| 2020-06-11 | CVE-2020-6090 | Insufficient Verification of Data Authenticity vulnerability in Wago Pfc200 Firmware 03.03.10(15) An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). | 7.2 |
| 2020-03-23 | CVE-2019-5186 | Classic Buffer Overflow vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. | 7.0 |