Vulnerabilities > Wago > Pfc200 Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-15 | CVE-2023-1698 | OS Command Injection vulnerability in Wago products In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. | 9.8 |
| 2023-02-27 | CVE-2022-45140 | Missing Authentication for Critical Function vulnerability in Wago products The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. | 9.8 |
| 2023-02-27 | CVE-2022-45138 | Missing Authentication for Critical Function vulnerability in Wago products The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. | 9.8 |
| 2020-03-11 | CVE-2019-5160 | Unspecified vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). | 9.1 |
| 2020-03-11 | CVE-2019-5161 | Insufficient Verification of Data Authenticity vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). | 9.1 |
| 2020-01-08 | CVE-2019-5082 | Out-of-bounds Write vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). | 9.8 |
| 2018-02-13 | CVE-2018-5459 | Improper Authentication vulnerability in Wago Pfc200 Firmware An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. | 9.8 |
| 2017-02-13 | CVE-2016-9362 | Improper Authentication vulnerability in Wago products An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. | 9.1 |