Vulnerabilities > Wago > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-11 | CVE-2019-5155 | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. | 7.2 |
2020-03-11 | CVE-2019-5149 | Resource Exhaustion vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. | 7.5 |
2020-03-11 | CVE-2019-5134 | Unspecified vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). | 7.5 |
2020-03-11 | CVE-2019-5107 | Cleartext Transmission of Sensitive Information vulnerability in Wago E!Cockpit 1.5.1.1 A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. | 7.5 |
2019-04-17 | CVE-2019-10953 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. | 7.5 |
2018-07-12 | CVE-2018-12980 | Unrestricted Upload of File with Dangerous Type vulnerability in Wago products An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. | 8.8 |