Vulnerabilities > Wago > Pfc100 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-3379 Incorrect Authorization vulnerability in Wago products
Wago web-based management of multiple products has a vulnerability which allows a local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
local
low complexity
wago CWE-863
5.3
2023-02-27 CVE-2022-45137 Cross-site Scripting vulnerability in Wago products
The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that target the user's browser.
network
low complexity
wago CWE-79
6.1
2023-02-27 CVE-2022-45139 Origin Validation Error vulnerability in Wago products
A CORS misconfiguration in the web-based management allows a malicious third-party webserver to misuse all basic information pages on the webserver.
network
low complexity
wago CWE-346
5.3
2023-01-19 CVE-2022-3738 Missing Authentication for Critical Function vulnerability in Wago products
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists.
network
high complexity
wago CWE-306
5.9
2020-03-11 CVE-2019-5135 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers.
network
low complexity
wago CWE-327
5.3