Vulnerabilities > Wago > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-11 | CVE-2019-5135 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. | 5.3 |
2020-03-11 | CVE-2019-5106 | Use of Hard-coded Credentials vulnerability in Wago E!Cockpit 1.5.1.1 A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. | 5.5 |
2019-12-18 | CVE-2019-5073 | Information Exposure vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). | 5.3 |
2019-10-19 | CVE-2019-18202 | Unspecified vulnerability in Wago PFC Firmware Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. | 5.3 |
2018-10-12 | CVE-2018-16210 | Cross-site Scripting vulnerability in Wago 750-881 Ethernet Controller Devices Firmware 01.08.01(10)/01.09.18(13) WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. | 6.1 |
2018-07-12 | CVE-2018-12981 | Cross-site Scripting vulnerability in Wago products An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. | 5.4 |
2018-07-12 | CVE-2018-12979 | Incorrect Permission Assignment for Critical Resource vulnerability in Wago products An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. | 6.5 |
2018-04-03 | CVE-2018-8836 | Improper Resource Shutdown or Release vulnerability in Wago products Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. | 5.3 |