Vulnerabilities > Wago > Pfc200 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-12 | CVE-2019-5178 | Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). | 4.6 |
| 2020-03-11 | CVE-2019-5166 | Classic Buffer Overflow vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). | 4.6 |
| 2020-03-11 | CVE-2019-5160 | Improper Input Validation vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). | 6.5 |
| 2020-03-11 | CVE-2019-5157 | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). | 6.5 |
| 2020-03-11 | CVE-2019-5156 | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). | 6.5 |
| 2020-03-11 | CVE-2019-5149 | Resource Exhaustion vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. | 5.0 |
| 2020-03-11 | CVE-2019-5135 | Information Exposure Through Discrepancy vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. | 5.0 |
| 2020-03-11 | CVE-2019-5134 | Unspecified vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). | 5.0 |
| 2017-02-13 | CVE-2016-9362 | Improper Authentication vulnerability in Wago products An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. | 6.4 |