Vulnerabilities > Wago
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-27 | CVE-2022-45139 | Origin Validation Error vulnerability in Wago products A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. | 5.3 |
| 2023-02-27 | CVE-2022-45140 | Missing Authentication for Critical Function vulnerability in Wago products The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. | 9.8 |
| 2023-02-16 | CVE-2022-3843 | Hidden Functionality vulnerability in Wago 852-111/000-001 Firmware 01 In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters. | 9.1 |
| 2023-01-19 | CVE-2022-3738 | Missing Authentication for Critical Function vulnerability in Wago products The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. | 5.9 |
| 2022-11-09 | CVE-2021-34566 | Classic Buffer Overflow vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. | 9.1 |
| 2022-11-09 | CVE-2021-34567 | Out-of-bounds Read vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read. | 8.2 |
| 2022-11-09 | CVE-2021-34568 | Allocation of Resources Without Limits or Throttling vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. | 7.5 |
| 2022-11-09 | CVE-2021-34569 | Out-of-bounds Write vulnerability in Wago products In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. | 9.8 |
| 2022-10-17 | CVE-2022-3281 | Expected Behavior Violation vulnerability in Wago products WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. | 7.5 |
| 2022-03-09 | CVE-2022-22511 | Cross-site Scripting vulnerability in Wago products Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. | 3.5 |