Vulnerabilities > Wago > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2023-5188 | Unspecified vulnerability in Wago Telecontrol Configurator and Wagoapprtu The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. | 7.5 |
| 2023-06-26 | CVE-2023-1150 | Resource Exhaustion vulnerability in Wago products Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. | 7.5 |
| 2022-11-09 | CVE-2021-34567 | Out-of-bounds Read vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read. | 8.2 |
| 2022-11-09 | CVE-2021-34568 | Allocation of Resources Without Limits or Throttling vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. | 7.5 |
| 2022-10-17 | CVE-2022-3281 | Expected Behavior Violation vulnerability in Wago products WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. | 7.5 |
| 2021-08-31 | CVE-2021-34581 | Missing Release of Resource after Effective Lifetime vulnerability in Wago products Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device. | 7.8 |
| 2021-05-13 | CVE-2021-20998 | Missing Authentication for Critical Function vulnerability in Wago products In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. | 7.5 |
| 2020-12-10 | CVE-2020-12516 | Unspecified vulnerability in Wago products Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack. | 7.5 |
| 2020-06-11 | CVE-2020-6090 | Insufficient Verification of Data Authenticity vulnerability in Wago Pfc200 Firmware 03.03.10(15) An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). | 7.2 |
| 2020-03-12 | CVE-2019-5171 | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). | 7.2 |