Show filters
105 Total Results
Displaying 31-40 of 105
Sort by:
Attacker Value
Unknown

CVE-2022-3281

Disclosure Date: October 17, 2022 (last updated December 22, 2024)
WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.
Attacker Value
Unknown

CVE-2022-22511

Disclosure Date: March 09, 2022 (last updated February 23, 2025)
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
Attacker Value
Unknown

CVE-2021-34581

Disclosure Date: August 31, 2021 (last updated February 23, 2025)
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.
Attacker Value
Unknown

CVE-2021-34578

Disclosure Date: August 31, 2021 (last updated February 23, 2025)
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
Attacker Value
Unknown

CVE-2021-21000

Disclosure Date: May 20, 2021 (last updated February 22, 2025)
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.
Attacker Value
Unknown

CVE-2021-21001

Disclosure Date: May 20, 2021 (last updated February 22, 2025)
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
Attacker Value
Unknown

CVE-2021-20994

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
Attacker Value
Unknown

CVE-2021-20996

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.
Attacker Value
Unknown

CVE-2021-20995

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.
Attacker Value
Unknown

CVE-2021-20997

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.