Vulnerabilities > Wago > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-11 CVE-2019-5155 OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14)
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200.
network
low complexity
wago CWE-78
7.2
2020-03-11 CVE-2019-5149 Resource Exhaustion vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs.
network
low complexity
wago CWE-400
7.5
2020-03-11 CVE-2019-5134 Unspecified vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12).
network
low complexity
wago
7.5
2020-03-11 CVE-2019-5107 Cleartext Transmission of Sensitive Information vulnerability in Wago E!Cockpit 1.5.1.1
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1.
network
low complexity
wago CWE-319
7.5
2019-04-17 CVE-2019-10953 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions.
7.5
2018-07-12 CVE-2018-12980 Unrestricted Upload of File with Dangerous Type vulnerability in Wago products
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02.
network
low complexity
wago CWE-434
8.8