CVSS: 5.4EPSS: 0%CPEs: 24EXPL: 0CVE-2024-12650 – Wago: Vulnerability in libwagosnmp
https://notcve.org/view.php?id=CVE-2024-12650
05 Mar 2025 — An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications. Un atacante con pocos privilegios puede manipular el tamaño de memoria solicitado, lo que hace que la aplicación utilice un área de memoria no válida. Esto podría provocar un bloqueo de la aplicación, pero no afecta a otras aplicaciones. • https://cert.vde.com/en/advisories/VDE-2025-004 • CWE-252: Unchecked Return Value •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-25108 – WAGO: Denial of service in 750-8xx controller due to uncontrolled resource consumption
https://notcve.org/view.php?id=CVE-2018-25108
16 Jan 2025 — An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption. Un atacante remoto no autenticado puede provocar un DoS en el controlador debido al consumo descontrolado de recursos. An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption. • https://cert.vde.com/en/advisories/VDE-2018-013 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-41974 – WAGO: BACNet Service Property Modification Due to Permission Misconfiguration in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41974
18 Nov 2024 — A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-41973 – WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices
https://notcve.org/view.php?id=CVE-2024-41973
18 Nov 2024 — A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges. A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2024-41972 – WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41972
18 Nov 2024 — A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges. A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 8.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-41971 – WAGO: Arbitrary File Overwrite in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41971
18 Nov 2024 — A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2024-41970 – WAGO: Unauthorized Diagnostic Data Exposure in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41970
18 Nov 2024 — A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-41969 – WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41969
18 Nov 2024 — A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-41967 – WAGO: Boot Mode Manipulation in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41967
18 Nov 2024 — A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-41968 – WAGO: Docker Settings Manipulation in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41968
18 Nov 2024 — A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •