CVE-2023-1150 – WAGO: Series 750-3x/-8x prone to MODBUS server DoS
https://notcve.org/view.php?id=CVE-2023-1150
Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. • https://cert.vde.com/en/advisories/VDE-2023-005 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2021-34578 – WAGO: Authentication Vulnerability in Web-Based Management
https://notcve.org/view.php?id=CVE-2021-34578
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. Esta vulnerabilidad permite a un atacante que tenga acceso al WBM leer y escribir parámetros de configuración del dispositivo mediante el envío de peticiones específicamente construidas sin autenticación en múltiples PLCs de WAGO en versiones del firmware hasta FW07 • https://cert.vde.com/en-us/advisories/vde-2020-044 • CWE-287: Improper Authentication •