Vulnerabilities > Wago > PFC 200 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-12-17 CVE-2020-12522 OS Command Injection vulnerability in Wago products
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
network
low complexity
wago CWE-78
critical
 9.8
9.8
2019-12-18 CVE-2019-5075 Out-of-bounds Write vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware
An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-787
critical
 9.8
9.8
2019-12-18 CVE-2019-5078 Missing Authentication for Critical Function vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware
An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-306
critical
 9.1
9.1
2019-12-18 CVE-2019-5079 Out-of-bounds Write vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware
An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-787
critical
 9.8
9.8
2019-12-18 CVE-2019-5080 Missing Authentication for Critical Function vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware
An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-306
critical
 9.1
9.1
2019-12-18 CVE-2019-5074 Out-of-bounds Write vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-787
critical
 9.8
9.8
2019-12-18 CVE-2019-5077 Missing Authentication for Critical Function vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware
An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-306
critical
 9.1
9.1
2019-12-18 CVE-2019-5081 Out-of-bounds Write vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware
An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-787
critical
 9.8
9.8