Vulnerabilities > Wago > Touch Panel 600 Advanced Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-20 | CVE-2023-3379 | Incorrect Authorization vulnerability in Wago products Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. | 5.3 |
| 2023-02-27 | CVE-2022-45137 | Cross-site Scripting vulnerability in Wago products The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. | 6.1 |
| 2023-02-27 | CVE-2022-45139 | Origin Validation Error vulnerability in Wago products A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. | 5.3 |
| 2023-01-19 | CVE-2022-3738 | Missing Authentication for Critical Function vulnerability in Wago products The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. | 5.9 |