Vulnerabilities > Wago > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-26 | CVE-2020-12069 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. | 7.8 |
| 2021-08-31 | CVE-2021-34578 | Unspecified vulnerability in Wago products This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. | 8.1 |
| 2021-08-31 | CVE-2021-34581 | Missing Release of Resource after Effective Lifetime vulnerability in Wago products Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device. | 7.5 |
| 2021-05-24 | CVE-2021-21000 | Allocation of Resources Without Limits or Throttling vulnerability in Wago products On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. | 7.5 |
| 2021-05-13 | CVE-2021-20995 | Cleartext Storage of Sensitive Information vulnerability in Wago products In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. | 7.5 |
| 2021-05-13 | CVE-2021-20997 | Insufficiently Protected Credentials vulnerability in Wago products In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | 7.5 |
| 2021-01-22 | CVE-2020-12525 | Deserialization of Untrusted Data vulnerability in multiple products M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | 7.8 |
| 2020-12-10 | CVE-2020-12516 | Unspecified vulnerability in Wago products Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack. | 7.5 |
| 2020-06-11 | CVE-2020-6090 | Insufficient Verification of Data Authenticity vulnerability in Wago Pfc200 Firmware 03.03.10(15) An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). | 7.2 |
| 2020-03-23 | CVE-2019-5186 | Classic Buffer Overflow vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. | 7.0 |