CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2023-1150 – WAGO: Series 750-3x/-8x prone to MODBUS server DoS
https://notcve.org/view.php?id=CVE-2023-1150
26 Jun 2023 — Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. • https://cert.vde.com/en/advisories/VDE-2023-005 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.1EPSS: 0%CPEs: 202EXPL: 0CVE-2023-1620 – WAGO: DoS in multiple products in multiple versions using Codesys
https://notcve.org/view.php?id=CVE-2023-1620
26 Jun 2023 — Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. • https://cert.vde.com/en/advisories/VDE-2023-006 • CWE-20: Improper Input Validation CWE-1288: Improper Validation of Consistency within Input •
CVSS: 6.1EPSS: 0%CPEs: 202EXPL: 0CVE-2023-1619 – WAGO: DoS in multiple versions of multiple products
https://notcve.org/view.php?id=CVE-2023-1619
26 Jun 2023 — Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. • https://cert.vde.com/en/advisories/VDE-2023-006 • CWE-20: Improper Input Validation CWE-1288: Improper Validation of Consistency within Input •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-34578 – WAGO: Authentication Vulnerability in Web-Based Management
https://notcve.org/view.php?id=CVE-2021-34578
31 Aug 2021 — This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. Esta vulnerabilidad permite a un atacante que tenga acceso al WBM leer y escribir parámetros de configuración del dispositivo mediante el envío de peticiones específicamente construidas sin autenticación en múltiples PLCs de WAGO en versiones del firmware hasta FW07 • https://cert.vde.com/en-us/advisories/vde-2020-044 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 54EXPL: 0CVE-2021-21001 – WAGO: PFC200 Access to files outside the home directory
https://notcve.org/view.php?id=CVE-2021-21001
24 May 2021 — On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. En los dispositivos WAGO PFC200 en diferentes versiones de firmware con paquetes especiales diseñados, un atacante autorizado con acceso de red al dispositivo puede acceder al sistema de archivos con mayores privilegios • https://cert.vde.com/en-us/advisories/vde-2021-014 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2021-21000 – WAGO: PFC200 Denial of Service due to the number of connections to the runtime
https://notcve.org/view.php?id=CVE-2021-21000
24 May 2021 — On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. En dispositivos WAGO PFC200 en diferentes versiones de firmware con paquetes especiales diseñados, un atacante con acceso de red al dispositivo podría causar una denegación de servicio para el servicio de inicio de sesión del tiempo de ejecución • https://cert.vde.com/en-us/advisories/vde-2021-014 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 0CVE-2020-12506 – WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03
https://notcve.org/view.php?id=CVE-2020-12506
30 Sep 2020 — Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions. La vulnerabilidad de autenticación inadecuada en la serie WAGO 750-8XX con versión FW versiones anteriores e iguales a FW03 permite ... • https://cert.vde.com/en-us/advisories/vde-2020-028 • CWE-306: Missing Authentication for Critical Function •