CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2024-41969 – WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41969
A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0CVE-2024-41967 – WAGO: Boot Mode Manipulation in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41967
A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2024-41968 – WAGO: Docker Settings Manipulation in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41968
A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-25090 – Wago: Improper Neutralization of Input During Web Page Generation in multiple devices
https://notcve.org/view.php?id=CVE-2018-25090
An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact of confidentiality and integrity but no impact of availability. Un atacante remoto no autenticado puede utilizar un ataque XSS debido a una neutralización inadecuada de la entrada durante la generación de la página web. Se requiere la interacción del usuario. • https://cert.vde.com/en/advisories/VDE-2023-039 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-5188 – WAGO Improper Input Validation in IEC61850 Server / Telecontrol
https://notcve.org/view.php?id=CVE-2023-5188
The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device. MMS Interpreter de WagoAppRTU en versiones inferiores a 1.4.6.0 que utiliza WAGO Telecontrol Configurator es vulnerable a paquetes con formato incorrecto. Un atacante remoto no autenticado podría enviar paquetes específicamente manipulados que conduzcan a una condición de denegación de servicio hasta que se reinicie el dispositivo afectado. • https://cert.vde.com/en/advisories/VDE-2023-044 • CWE-20: Improper Input Validation •