Vulnerabilities > Wago > Pfc200 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-3379 Incorrect Authorization vulnerability in Wago products
Wago web-based management of multiple products has a vulnerability which allows a local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
local
low complexity
wago CWE-863
5.3
2023-02-27 CVE-2022-45137 Cross-site Scripting vulnerability in Wago products
The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that target the user's browser.
network
low complexity
wago CWE-79
6.1
2023-02-27 CVE-2022-45139 Origin Validation Error vulnerability in Wago products
A CORS misconfiguration in the web-based management allows a malicious third-party webserver to misuse all basic information pages on the webserver.
network
low complexity
wago CWE-346
5.3
2023-01-19 CVE-2022-3738 Missing Authentication for Critical Function vulnerability in Wago products
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists.
network
high complexity
wago CWE-306
5.9
2020-03-23 CVE-2019-5186 Classic Buffer Overflow vulnerability in Wago Pfc200 Firmware 03.02.02(14)
An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200.
local
wago CWE-120
4.4
2020-03-23 CVE-2019-5185 Classic Buffer Overflow vulnerability in Wago Pfc200 Firmware 03.02.02(14)
An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200.
local
wago CWE-120
4.4
2020-03-23 CVE-2019-5184 Double Free vulnerability in Wago Pfc200 Firmware 03.02.02(14)
An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200.
local
low complexity
wago CWE-415
4.6
2020-03-12 CVE-2019-5181 Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14).
local
low complexity
wago CWE-787
4.6
2020-03-12 CVE-2019-5180 Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14).
local
low complexity
wago CWE-787
4.6
2020-03-12 CVE-2019-5179 Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14).
local
low complexity
wago CWE-787
4.6