CVSS: 8.2EPSS: 0%CPEs: 245EXPL: 0CVE-2021-34567 – WAGO I/O-Check Service prone to Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2021-34567
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read. En WAGO I/O-Check Service en múltiples productos, un atacante remoto no autenticado puede enviar un paquete especialmente manipulado que contiene comandos del Sistema Operativo para provocar una Denegación de Servicio (DoS) y una lectura fuera de los límites limitada. • https://cert.vde.com/en/advisories/VDE-2020-036 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 245EXPL: 0CVE-2021-34566 – WAGO I/O-Check Service prone to Memory Overflow
https://notcve.org/view.php?id=CVE-2021-34566
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. En WAGO I/O-Check Service en varios productos, un atacante remoto no autenticado puede enviar un paquete especialmente manipulado que contiene comandos del Sistema Operativo para bloquear el proceso iocheck y escribir en la memoria, lo que resulta en pérdida de integridad y DoS. • https://cert.vde.com/en/advisories/VDE-2020-036 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 156EXPL: 0CVE-2022-3281 – WAGO: multiple products - Loss of MAC-Address-Filtering after reboot
https://notcve.org/view.php?id=CVE-2022-3281
WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter. WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller en varias versiones son propensos a perder el filtrado de direcciones MAC tras el reinicio. Esto puede permitir a un atacante remoto omitir el alcance de la red que debería estar protegida por el filtro de direcciones MAC • https://cert.vde.com/en/advisories/VDE-2022-042 • CWE-440: Expected Behavior Violation •
CVSS: 5.4EPSS: 0%CPEs: 50EXPL: 0CVE-2022-22511 – WAGO PLCs WBM vulnerable to reflected XSS
https://notcve.org/view.php?id=CVE-2022-22511
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised. Varias páginas de configuración del dispositivo son vulnerables a ataques de tipo XSS (Cross-Site Scripting) reflejados. Un atacante autorizado con privilegios de usuario puede usar esto para conseguir acceso a información confidencial en un PC que sea conectado al WBM después de haber sido comprometido • https://cert.vde.com/en/advisories/VDE-2022-004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2021-34581 – WAGO: Denial of Service vulnerability inside the OpenSSL implementation
https://notcve.org/view.php?id=CVE-2021-34581
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device. Una vulnerabilidad de Falta de Liberación de Recursos después del Tiempo de Vida Efectivo en la implementación de OpenSSL de WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 en versiones FW4 hasta FW15, permite a un atacante no autenticado causar DoS en el dispositivo • https://cert.vde.com/en-us/advisories/vde-2021-038 • CWE-772: Missing Release of Resource after Effective Lifetime •