CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2025-25265 – Unauthenticated File Read via Web Interface
https://notcve.org/view.php?id=CVE-2025-25265
16 Jun 2025 — A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows an unauthenticated remote attacker to read files from the system’s file structure. • https://certvde.com/en/advisories/VDE-2025-018 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 21EXPL: 0CVE-2025-25264 – Overly Permissive CORS Policy in WAGO Device Manager
https://notcve.org/view.php?id=CVE-2025-25264
16 Jun 2025 — An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks. • https://certvde.com/en/advisories/VDE-2025-018 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2025-0101 – WAGO: Year 2038 problem
https://notcve.org/view.php?id=CVE-2025-0101
16 Apr 2025 — A low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes some functions to work unexpected or stop working at all. Both during runtime and after a restart. • https://cert.vde.com/en/advisories/VDE-2025-007 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.4EPSS: 0%CPEs: 24EXPL: 0CVE-2024-12650 – Wago: Vulnerability in libwagosnmp
https://notcve.org/view.php?id=CVE-2024-12650
05 Mar 2025 — An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications. Un atacante con pocos privilegios puede manipular el tamaño de memoria solicitado, lo que hace que la aplicación utilice un área de memoria no válida. Esto podría provocar un bloqueo de la aplicación, pero no afecta a otras aplicaciones. • https://cert.vde.com/en/advisories/VDE-2025-004 • CWE-252: Unchecked Return Value •
CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-41969 – WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41969
18 Nov 2024 — A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-41967 – WAGO: Boot Mode Manipulation in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41967
18 Nov 2024 — A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-41968 – WAGO: Docker Settings Manipulation in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41968
18 Nov 2024 — A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •