Vulnerabilities > Wago
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-09 | CVE-2022-22511 | Cross-site Scripting vulnerability in Wago products Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. | 3.5 |
| 2021-08-31 | CVE-2021-34578 | Improper Authentication vulnerability in Wago products This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. | 6.8 |
| 2021-08-31 | CVE-2021-34581 | Missing Release of Resource after Effective Lifetime vulnerability in Wago products Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device. | 7.8 |
| 2021-05-24 | CVE-2021-21000 | Allocation of Resources Without Limits or Throttling vulnerability in Wago products On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. | 5.0 |
| 2021-05-24 | CVE-2021-21001 | Path Traversal vulnerability in Wago products On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. | 4.0 |
| 2021-05-13 | CVE-2021-20993 | Information Exposure vulnerability in Wago products In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. | 5.0 |
| 2021-05-13 | CVE-2021-20994 | Cross-site Scripting vulnerability in Wago products In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. | 4.3 |
| 2021-05-13 | CVE-2021-20995 | Cleartext Storage of Sensitive Information vulnerability in Wago products In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. | 5.0 |
| 2021-05-13 | CVE-2021-20996 | Incorrect Permission Assignment for Critical Resource vulnerability in Wago products In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. | 5.0 |
| 2021-05-13 | CVE-2021-20997 | Insufficiently Protected Credentials vulnerability in Wago products In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | 5.0 |