Vulnerabilities > Wago > Pfc200 Firmware

DATE CVE VULNERABILITY TITLE RISK
2020-03-11 CVE-2019-5160 Unspecified vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14)
An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12).
network
low complexity
wago
critical
9.1
2020-03-11 CVE-2019-5157 OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14)
An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12).
network
low complexity
wago CWE-78
7.2
2020-03-11 CVE-2019-5156 OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14)
An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12).
network
low complexity
wago CWE-78
7.2
2020-03-11 CVE-2019-5155 OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14)
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200.
network
low complexity
wago CWE-78
7.2
2020-03-11 CVE-2019-5149 Resource Exhaustion vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs.
network
low complexity
wago CWE-400
7.5
2020-03-11 CVE-2019-5135 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers.
network
low complexity
wago CWE-327
5.3
2020-03-11 CVE-2019-5134 Unspecified vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12).
network
low complexity
wago
7.5
2020-01-08 CVE-2019-5082 Out-of-bounds Write vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware
An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-787
critical
9.8
2018-02-13 CVE-2018-5459 Improper Authentication vulnerability in Wago Pfc200 Firmware
An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X.
network
low complexity
wago CWE-287
critical
9.8
2017-02-13 CVE-2016-9362 Improper Authentication vulnerability in Wago products
An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111.
network
low complexity
wago CWE-287
critical
9.1