Vulnerabilities > Wago > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-11 CVE-2019-5135 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers.
network
low complexity
wago CWE-327
5.3
2020-03-11 CVE-2019-5106 Use of Hard-coded Credentials vulnerability in Wago E!Cockpit 1.5.1.1
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1.
local
low complexity
wago CWE-798
5.5
2019-12-18 CVE-2019-5073 Information Exposure vulnerability in Wago PFC 100 Firmware and PFC 200 Firmware
An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).
network
low complexity
wago CWE-200
5.3
2019-10-19 CVE-2019-18202 Unspecified vulnerability in Wago PFC Firmware
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control.
network
low complexity
wago
5.3
2018-10-12 CVE-2018-16210 Cross-site Scripting vulnerability in Wago 750-881 Ethernet Controller Devices Firmware 01.08.01(10)/01.09.18(13)
WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
network
low complexity
wago CWE-79
6.1
2018-07-12 CVE-2018-12981 Cross-site Scripting vulnerability in Wago products
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02.
network
low complexity
wago CWE-79
5.4
2018-07-12 CVE-2018-12979 Incorrect Permission Assignment for Critical Resource vulnerability in Wago products
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02.
network
low complexity
wago CWE-732
6.5
2018-04-03 CVE-2018-8836 Improper Resource Shutdown or Release vulnerability in Wago products
Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools.
network
low complexity
wago CWE-404
5.3