CVE-2023-1150 – WAGO: Series 750-3x/-8x prone to MODBUS server DoS
https://notcve.org/view.php?id=CVE-2023-1150
Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. • https://cert.vde.com/en/advisories/VDE-2023-005 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2023-1620 – WAGO: DoS in multiple products in multiple versions using Codesys
https://notcve.org/view.php?id=CVE-2023-1620
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. • https://cert.vde.com/en/advisories/VDE-2023-006 • CWE-20: Improper Input Validation CWE-1288: Improper Validation of Consistency within Input •
CVE-2023-1619 – WAGO: DoS in multiple versions of multiple products
https://notcve.org/view.php?id=CVE-2023-1619
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. • https://cert.vde.com/en/advisories/VDE-2023-006 • CWE-20: Improper Input Validation CWE-1288: Improper Validation of Consistency within Input •
CVE-2021-34578 – WAGO: Authentication Vulnerability in Web-Based Management
https://notcve.org/view.php?id=CVE-2021-34578
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. Esta vulnerabilidad permite a un atacante que tenga acceso al WBM leer y escribir parámetros de configuración del dispositivo mediante el envío de peticiones específicamente construidas sin autenticación en múltiples PLCs de WAGO en versiones del firmware hasta FW07 • https://cert.vde.com/en-us/advisories/vde-2020-044 • CWE-287: Improper Authentication •