Vulnerabilities > Wago > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-02-03 CVE-2020-8597 Classic Buffer Overflow vulnerability in multiple products
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
network
low complexity
point-to-point-protocol-project wago debian canonical CWE-120
critical
9.8
2019-12-18 CVE-2019-5078 Missing Authentication for Critical Function vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware
An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-306
critical
9.4
2019-12-18 CVE-2019-5075 Out-of-bounds Write vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware
An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-787
critical
10.0
2019-12-18 CVE-2019-5081 Classic Buffer Overflow vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware
An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-120
critical
10.0
2019-12-18 CVE-2019-5074 Classic Buffer Overflow vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware
An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-120
critical
10.0
2019-06-17 CVE-2019-12550 Use of Hard-coded Credentials vulnerability in Wago products
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to log in via SSH and TELNET.
network
low complexity
wago CWE-798
critical
10.0
2019-06-17 CVE-2019-12549 Use of Hard-coded Credentials vulnerability in Wago products
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon.
network
low complexity
wago CWE-798
critical
10.0
2019-05-07 CVE-2019-10712 Use of Hard-coded Credentials vulnerability in Wago products
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.
network
low complexity
wago CWE-798
critical
9.8
2017-08-22 CVE-2015-6473 7PK - Security Features vulnerability in Wago 750-849 Firmware and 758-870 Firmware
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
network
low complexity
wago CWE-254
critical
10.0
2012-09-07 CVE-2012-4879 Credentials Management vulnerability in Wago I/O System 758 Industrial PC Device
The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013.
network
low complexity
wago CWE-255
critical
10.0