
CVE-2024-41974 – WAGO: BACNet Service Property Modification Due to Permission Misconfiguration in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41974
18 Nov 2024 — A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2024-41973 – WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices
https://notcve.org/view.php?id=CVE-2024-41973
18 Nov 2024 — A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to arbitrary file writes with root privileges. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-35: Path Traversal: '.../

CVE-2024-41972 – WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41972
18 Nov 2024 — A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-35: Path Traversal: '.../

CVE-2024-41971 – WAGO: Arbitrary File Overwrite in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41971
18 Nov 2024 — A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-41970 – WAGO: Unauthorized Diagnostic Data Exposure in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41970
18 Nov 2024 — A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2024-41969 – WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41969
18 Nov 2024 — A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function

CVE-2024-41967 – WAGO: Boot Mode Manipulation in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41967
18 Nov 2024 — A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function

CVE-2024-41968 – WAGO: Docker Settings Manipulation in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41968
18 Nov 2024 — A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function