Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low Energy (BLE) connectivity to read and write to many BLE characteristics on the device. Some of these control the flow of water, the sensitivity of the sensors, and information about maintenance.

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.