Vulnerabilities > Wago > Pfc100 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-20 | CVE-2023-3379 | Incorrect Authorization vulnerability in Wago products Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. | 5.3 |
| 2023-02-27 | CVE-2022-45137 | Cross-site Scripting vulnerability in Wago products The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. | 6.1 |
| 2023-02-27 | CVE-2022-45139 | Origin Validation Error vulnerability in Wago products A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. | 5.3 |
| 2023-01-19 | CVE-2022-3738 | Missing Authentication for Critical Function vulnerability in Wago products The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. | 5.9 |
| 2020-03-11 | CVE-2019-5135 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. | 5.3 |