Vulnerabilities > Wago > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-21 | CVE-2023-4149 | OS Command Injection vulnerability in Wago products A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. | 9.8 |
| 2023-05-15 | CVE-2023-1698 | OS Command Injection vulnerability in Wago products In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. | 9.8 |
| 2023-02-27 | CVE-2022-45138 | Missing Authentication for Critical Function vulnerability in Wago products The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. | 9.8 |
| 2023-02-27 | CVE-2022-45140 | Missing Authentication for Critical Function vulnerability in Wago products The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. | 9.8 |
| 2023-02-16 | CVE-2022-3843 | Hidden Functionality vulnerability in Wago 852-111/000-001 Firmware 01 In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters. | 9.1 |
| 2022-11-09 | CVE-2021-34566 | Classic Buffer Overflow vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. | 9.1 |
| 2022-11-09 | CVE-2021-34569 | Out-of-bounds Write vulnerability in Wago products In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. | 9.8 |
| 2020-12-17 | CVE-2020-12522 | OS Command Injection vulnerability in Wago products The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10. | 10.0 |
| 2020-03-11 | CVE-2019-5161 | Insufficient Verification of Data Authenticity vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). | 9.0 |
| 2020-03-11 | CVE-2019-5155 | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. | 9.0 |