CVSS: 6.1EPSS: 0%CPEs: 202EXPL: 0CVE-2023-1620 – WAGO: DoS in multiple products in multiple versions using Codesys
https://notcve.org/view.php?id=CVE-2023-1620
26 Jun 2023 — Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. • https://cert.vde.com/en/advisories/VDE-2023-006 • CWE-20: Improper Input Validation CWE-1288: Improper Validation of Consistency within Input •
CVSS: 6.1EPSS: 0%CPEs: 202EXPL: 0CVE-2023-1619 – WAGO: DoS in multiple versions of multiple products
https://notcve.org/view.php?id=CVE-2023-1619
26 Jun 2023 — Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. • https://cert.vde.com/en/advisories/VDE-2023-006 • CWE-20: Improper Input Validation CWE-1288: Improper Validation of Consistency within Input •
CVSS: 7.8EPSS: 0%CPEs: 156EXPL: 0CVE-2022-3281 – WAGO: multiple products - Loss of MAC-Address-Filtering after reboot
https://notcve.org/view.php?id=CVE-2022-3281
17 Oct 2022 — WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter. WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller en varias versiones son propensos a perder el filtrado de direcciones MAC tras el reinicio. Esto puede permitir a un a... • https://cert.vde.com/en/advisories/VDE-2022-042 • CWE-440: Expected Behavior Violation •
CVSS: 9.1EPSS: 0%CPEs: 54EXPL: 0CVE-2021-21001 – WAGO: PFC200 Access to files outside the home directory
https://notcve.org/view.php?id=CVE-2021-21001
24 May 2021 — On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. En los dispositivos WAGO PFC200 en diferentes versiones de firmware con paquetes especiales diseñados, un atacante autorizado con acceso de red al dispositivo puede acceder al sistema de archivos con mayores privilegios • https://cert.vde.com/en-us/advisories/vde-2021-014 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2021-21000 – WAGO: PFC200 Denial of Service due to the number of connections to the runtime
https://notcve.org/view.php?id=CVE-2021-21000
24 May 2021 — On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. En dispositivos WAGO PFC200 en diferentes versiones de firmware con paquetes especiales diseñados, un atacante con acceso de red al dispositivo podría causar una denegación de servicio para el servicio de inicio de sesión del tiempo de ejecución • https://cert.vde.com/en-us/advisories/vde-2021-014 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0CVE-2020-12522 – Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10
https://notcve.org/view.php?id=CVE-2020-12522
17 Dec 2020 — The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10. La vulnerabilidad reportada permite a un atacante que tiene acceso de red al dispositivo ejecutar código con paque... • https://cert.vde.com/en-us/advisories/vde-2020-045 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 19EXPL: 0CVE-2018-5459
https://notcve.org/view.php?id=CVE-2018-5459
13 Feb 2018 — An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455. Se ha descubie... • https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01 • CWE-287: Improper Authentication •