CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 1

13 Jun 2019 — WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to log in via SSH and TELNET. The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in ... • https://packetstorm.news/files/id/153278 • CWE-798: Use of Hard-coded Credentials

CVSS: 9.8 • EPSS: 4% • CPEs: 32 • EXPL: 0

07 May 2019 — The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. • http://www.securityfocus.com/bid/108482 • CWE-798: Use of Hard-coded Credentials

CVSS: 7.5 • EPSS: 0% • CPEs: 20 • EXPL: 0

17 Apr 2019 — ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. • http://www.securityfocus.com/bid/108413 • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 1

12 Oct 2018 — WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. • https://www.exploit-db.com/exploits/45581 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 8 • EXPL: 4

11 Jul 2018 — An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM. • https://packetstorm.news/files/id/148494 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 8.8 • EPSS: 1% • CPEs: 8 • EXPL: 4

11 Jul 2018 — An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server. • https://packetstorm.news/files/id/148494 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.4 • EPSS: 0% • CPEs: 8 • EXPL: 4

11 Jul 2018 — An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending specially crafted requests to the web server, allowing code to be injected within the WBM. The code will be rendered and/or executed in the user's browser. • https://packetstorm.news/files/id/148494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 16 • EXPL: 0

03 Apr 2018 — In Wago 750 Series PLCs with firmware version 10 and prior, a remote attack may take advantage of an improper implementation of the 3-way handshake during a TCP connection, affecting communications with commissioning and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools. • http://www.securityfocus.com/bid/103726 • CWE-404: Improper Resource Shutdown or Release

CVSS: 9.8 • EPSS: 0% • CPEs: 19 • EXPL: 0

13 Feb 2018 — An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455. • https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01 • CWE-287: Improper Authentication

CVSS: 9.1 • EPSS: 0% • CPEs: 7 • EXPL: 0

13 Feb 2017 — An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. • http://www.securityfocus.com/bid/95074 • CWE-287: Improper Authentication