CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-5149
https://notcve.org/view.php?id=CVE-2019-5149
10 Mar 2020 — The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PF... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0939 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 67%CPEs: 11EXPL: 6CVE-2020-8597 – ppp: Buffer overflow in the eap_request and eap_response functions in eap.c
https://notcve.org/view.php?id=CVE-2020-8597
03 Feb 2020 — eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. El archivo eap.c en pppd en ppp versiones 2.4.2 hasta 2.4.8, presenta un desbordamiento del búfer de rhostname en las funciones eap_request y eap_response. A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. ... • https://packetstorm.news/files/id/156802 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2019-5082
https://notcve.org/view.php?id=CVE-2019-5082
08 Jan 2020 — An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer de la pila explotable en la fun... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0874 • CWE-787: Out-of-bounds Write •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18202
https://notcve.org/view.php?id=CVE-2019-18202
19 Oct 2019 — Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. Una divulgación de información es posible en los dispositivos WAGO Series PFC100 y PFC200 versiones anteriores a FW12, debido a un control de acceso inapropiado. Un atacante remoto puede comprobar la existencia de rutas y nombres de archivos por medio de peticiones HTTP diseñadas. • https://cert.vde.com/de-de/advisories/vde-2019-017 •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2019-10953
https://notcve.org/view.php?id=CVE-2019-10953
17 Apr 2019 — ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. En Controladores lógicos programables de ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - , versiones múltiples. Los investigadores han encontrado que algunos controladores son susceptibles a un ataque de Denegación de Servicio (DoS) debido a una inundación de paquetes de ... • http://www.securityfocus.com/bid/108413 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •