CVSS: 6.1EPSS: 0%CPEs: 202EXPL: 0CVE-2023-1620 – WAGO: DoS in multiple products in multiple versions using Codesys
https://notcve.org/view.php?id=CVE-2023-1620
26 Jun 2023 — Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. • https://cert.vde.com/en/advisories/VDE-2023-006 • CWE-20: Improper Input Validation CWE-1288: Improper Validation of Consistency within Input •
CVSS: 6.1EPSS: 0%CPEs: 202EXPL: 0CVE-2023-1619 – WAGO: DoS in multiple versions of multiple products
https://notcve.org/view.php?id=CVE-2023-1619
26 Jun 2023 — Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. • https://cert.vde.com/en/advisories/VDE-2023-006 • CWE-20: Improper Input Validation CWE-1288: Improper Validation of Consistency within Input •
CVSS: 9.1EPSS: 0%CPEs: 54EXPL: 0CVE-2021-21001 – WAGO: PFC200 Access to files outside the home directory
https://notcve.org/view.php?id=CVE-2021-21001
24 May 2021 — On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. En los dispositivos WAGO PFC200 en diferentes versiones de firmware con paquetes especiales diseñados, un atacante autorizado con acceso de red al dispositivo puede acceder al sistema de archivos con mayores privilegios • https://cert.vde.com/en-us/advisories/vde-2021-014 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2021-21000 – WAGO: PFC200 Denial of Service due to the number of connections to the runtime
https://notcve.org/view.php?id=CVE-2021-21000
24 May 2021 — On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. En dispositivos WAGO PFC200 en diferentes versiones de firmware con paquetes especiales diseñados, un atacante con acceso de red al dispositivo podría causar una denegación de servicio para el servicio de inicio de sesión del tiempo de ejecución • https://cert.vde.com/en-us/advisories/vde-2021-014 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 0CVE-2020-12505 – WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07
https://notcve.org/view.php?id=CVE-2020-12505
30 Sep 2020 — Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below. La vulnerabilidad de autenticación inadecuada en la serie WAGO 750-8XX con versión FW anteriores o iguales a FW07 permite a un atacante cambiar algunos parámetros especiales sin aut... • https://cert.vde.com/en-us/advisories/vde-2020-027 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 1%CPEs: 32EXPL: 0CVE-2019-10712
https://notcve.org/view.php?id=CVE-2019-10712
07 May 2019 — The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. Los dispositivos Web-GUI de las series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) y 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) de WAGO disponen de acceso a servicios no documentados. • http://www.securityfocus.com/bid/108482 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.3EPSS: 3%CPEs: 16EXPL: 0CVE-2018-8836
https://notcve.org/view.php?id=CVE-2018-8836
03 Apr 2018 — Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools. Los PLC Wago 750 Series, con versiones de firmware 10 y anteriore... • http://www.securityfocus.com/bid/103726 • CWE-404: Improper Resource Shutdown or Release •