Vulnerabilities > Wago > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2023-5188 | Unspecified vulnerability in Wago Telecontrol Configurator and Wagoapprtu The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. | 7.5 |
| 2023-06-26 | CVE-2023-1150 | Missing Release of Resource after Effective Lifetime vulnerability in Wago products Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. | 7.5 |
| 2022-12-26 | CVE-2020-12069 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. | 7.8 |
| 2022-11-09 | CVE-2021-34567 | Out-of-bounds Read vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read. | 8.2 |
| 2022-11-09 | CVE-2021-34568 | Allocation of Resources Without Limits or Throttling vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. | 7.5 |
| 2022-10-17 | CVE-2022-3281 | Expected Behavior Violation vulnerability in Wago products WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. | 7.5 |
| 2021-08-31 | CVE-2021-34578 | Improper Authentication vulnerability in Wago products This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. | 8.1 |
| 2021-08-31 | CVE-2021-34581 | Missing Release of Resource after Effective Lifetime vulnerability in Wago products Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device. | 7.5 |
| 2021-05-24 | CVE-2021-21000 | Allocation of Resources Without Limits or Throttling vulnerability in Wago products On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. | 7.5 |
| 2021-05-13 | CVE-2021-20995 | Cleartext Storage of Sensitive Information vulnerability in Wago products In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. | 7.5 |