CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-41672 – WAGO: Vulnerability in WAGO Device Sphere
https://notcve.org/view.php?id=CVE-2025-41672
07 Jul 2025 — A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. • https://cert.vde.com/en/advisories/VDE-2025-057 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2025-25265 – Unauthenticated File Read via Web Interface
https://notcve.org/view.php?id=CVE-2025-25265
16 Jun 2025 — A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows an unauthenticated remote attacker to read files from the system’s file structure. • https://certvde.com/en/advisories/VDE-2025-018 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 21EXPL: 0CVE-2025-25264 – Overly Permissive CORS Policy in WAGO Device Manager
https://notcve.org/view.php?id=CVE-2025-25264
16 Jun 2025 — An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks. • https://certvde.com/en/advisories/VDE-2025-018 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2025-1235 – WAGO: Switches affected by year 2k38 problem
https://notcve.org/view.php?id=CVE-2025-1235
02 Jun 2025 — A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970. • https://cert.vde.com/en/advisories/VDE-2025-020 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2025-0101 – WAGO: Year 2038 problem
https://notcve.org/view.php?id=CVE-2025-0101
16 Apr 2025 — A low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes some functions to work unexpected or stop working at all. Both during runtime and after a restart. • https://cert.vde.com/en/advisories/VDE-2025-007 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.4EPSS: 0%CPEs: 24EXPL: 0CVE-2024-12650 – Wago: Vulnerability in libwagosnmp
https://notcve.org/view.php?id=CVE-2024-12650
05 Mar 2025 — An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications. Un atacante con pocos privilegios puede manipular el tamaño de memoria solicitado, lo que hace que la aplicación utilice un área de memoria no válida. Esto podría provocar un bloqueo de la aplicación, pero no afecta a otras aplicaciones. • https://cert.vde.com/en/advisories/VDE-2025-004 • CWE-252: Unchecked Return Value •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-25108 – WAGO: Denial of service in 750-8xx controller due to uncontrolled resource consumption
https://notcve.org/view.php?id=CVE-2018-25108
16 Jan 2025 — An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption. Un atacante remoto no autenticado puede provocar un DoS en el controlador debido al consumo descontrolado de recursos. An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption. • https://cert.vde.com/en/advisories/VDE-2018-013 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-41974 – WAGO: BACNet Service Property Modification Due to Permission Misconfiguration in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41974
18 Nov 2024 — A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-41973 – WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices
https://notcve.org/view.php?id=CVE-2024-41973
18 Nov 2024 — A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges. A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2024-41972 – WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41972
18 Nov 2024 — A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges. A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •