MidnightBSD

Advisories for wago

CVE-2015-6472 MEDIUM

WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
wago 750-881_firmware 01.01.27
wago 758-870_firmware 01.01.27
wago 758-870_firmware 01.02.05
wago 750-881_firmware 01.02.05
wago 750-849_firmware 01.02.05
wago 750-849_firmware 01.01.27
CVE-2015-6473 HIGH

WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-254,

Products Affected

Vendor Product Version
wago 758-870_firmware 01.01.27
wago 758-870_firmware 01.02.05
wago 750-849_firmware 01.01.27
CVE-2016-9362 MEDIUM

An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
wago 750-xxxx_series_firmware -
wago pfc200_firmware -
wago 758-xxxx_series_firmware -
CVE-2018-12979 MEDIUM

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
wago 762-3001_firmware *
wago 762-3000_firmware *
wago 762-3002_firmware *
wago 762-3003_firmware *
CVE-2018-12980 MEDIUM

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
wago 762-3001_firmware *
wago 762-3000_firmware *
wago 762-3002_firmware *
wago 762-3003_firmware *
CVE-2018-12981 LOW

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user's browser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
wago 762-3001_firmware *
wago 762-3000_firmware *
wago 762-3002_firmware *
wago 762-3003_firmware *
CVE-2018-16210 MEDIUM

WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
wago 750-352_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago wago_750-881_ethernet_controller_devices_firmware 01.09.18(13)
wago 750-862_firmware *
wago 750-881_firmware *
wago 750-880_firmware *
wago wago_750-881_ethernet_controller_devices_firmware 01.08.01(10)
wago 750-823_firmware *
wago 750-362_firmware *
wago 750-891_firmware *
wago 750-831_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-363_firmware *
CVE-2018-5459 HIGH

An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
wago pfc200_firmware *
CVE-2018-8836 MEDIUM

Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,CWE-404,

Products Affected

Vendor Product Version
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-885_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-852_firmware *
wago 750-881_firmware *
wago 750-880_firmware *
CVE-2019-10712 HIGH

The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
wago 750-352_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-884_firmware *
wago 750-873_firmware *
wago 750-830_firmware *
wago 750-881_firmware *
wago 750-880_firmware *
wago 750-330_firmware *
wago 750-871_firmware *
wago 750-885_firmware *
wago 750-831_firmware *
wago 750-849_firmware *
wago 750-872_firmware *
wago 750-882_firmware *
wago 750-852_firmware *
CVE-2019-10953 MEDIUM

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
wago pfc100_firmware -
schneider-electric modicon_m221_firmware *
wago bacnet/ip_firmware -
abb pm554-tp-eth_firmware -
siemens 6es7211-1ae40-0xb0_firmware -
phoenixcontact ilc_151_eth_firmware -
siemens 6ed1052-1cc01-0ba8_firmware -
siemens 6es7314-6eh04-0ab0_firmware -
wago ethernet_firmware -
wago knx_ip_firmware -
CVE-2019-12549 HIGH

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
wago 852-1505_firmware *
wago 852-303_firmware *
wago 852-1305_firmware *
CVE-2019-12550 HIGH

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
wago 852-1505_firmware *
wago 852-303_firmware *
wago 852-1305_firmware *
CVE-2019-18202 MEDIUM

Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
wago pfc_firmware *
CVE-2019-5073 MEDIUM

An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
wago pfc_200_firmware 03.01.07(13)
wago pfc_200_firmware 03.00.39(12)
wago pfc_100_firmware 03.00.39(12)
CVE-2019-5074 HIGH

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a stack buffer overflow, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc_200_firmware 03.01.07(13)
wago pfc_100_firmware 03.00.39(12)
CVE-2019-5075 HIGH

An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service "I/O-Check" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc_200_firmware 03.01.07(13)
wago pfc_200_firmware 03.00.39(12)
wago pfc_100_firmware 03.00.39(12)
CVE-2019-5077 HIGH

An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
wago pfc_200_firmware 03.01.07(13)
wago pfc_200_firmware 03.00.39(12)
wago pfc_100_firmware 03.00.39(12)
CVE-2019-5078 HIGH

An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
wago pfc_200_firmware 03.01.07(13)
wago pfc_200_firmware 03.00.39(12)
wago pfc_100_firmware 03.00.39(12)
CVE-2019-5079 HIGH

An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc_200_firmware 03.01.07(13)
wago pfc_200_firmware 03.00.39(12)
wago pfc_100_firmware 03.00.39(12)
CVE-2019-5080 MEDIUM

An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
wago pfc_200_firmware 03.01.07(13)
wago pfc_200_firmware 03.00.39(12)
wago pfc_100_firmware 03.00.39(12)
CVE-2019-5081 HIGH

An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc_200_firmware 03.01.07(13)
wago pfc_200_firmware 03.00.39(12)
wago pfc_100_firmware 03.00.39(12)
CVE-2019-5082 HIGH

An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.01.07(13)
wago pfc200_firmware 03.00.39(12)
wago pfc100_firmware 03.00.39(12)
CVE-2019-5106 LOW

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-798,

Products Affected

Vendor Product Version
wago e!cockpit 1.5.1.1
CVE-2019-5107 MEDIUM

A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
wago e!cockpit 1.5.1.1
CVE-2019-5134 MEDIUM

An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.01.07(13)
wago pfc200_firmware 03.00.39(12)
wago pfc100_firmware 03.00.39(12)
CVE-2019-5135 MEDIUM

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.01.07(13)
wago pfc200_firmware 03.00.39(12)
wago pfc100_firmware 03.00.39(12)
CVE-2019-5149 MEDIUM

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.01.07(13)
wago pfc200_firmware 03.00.39(12)
wago pfc100_firmware 03.00.39(12)
wago pfc100_firmware 03.01.07(13)
CVE-2019-5155 HIGH

An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
wago pfc200_firmware 03.01.07(13)
wago pfc200_firmware 03.00.39(12)
CVE-2019-5156 MEDIUM

An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
wago pfc200_firmware 03.01.07(13)
wago pfc200_firmware 03.00.39(12)
CVE-2019-5157 MEDIUM

An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
wago pfc200_firmware 03.01.07(13)
wago pfc200_firmware 03.00.39(12)
CVE-2019-5158 MEDIUM

An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
wago e!cockpit 1.6.1.5
CVE-2019-5159 MEDIUM

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
wago e!cockpit 1.6.0.7
CVE-2019-5160 MEDIUM

An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
wago pfc200_firmware 03.01.07(13)
wago pfc200_firmware 03.00.39(12)
CVE-2019-5161 HIGH

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-345,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
wago pfc200_firmware 03.01.07(13)
wago pfc200_firmware 03.00.39(12)
CVE-2019-5166 MEDIUM

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5167 HIGH

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name=<contents of dns node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5168 HIGH

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name=<contents of domainname node> using sprintf().This command is later executed via a call to system().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5169 HIGH

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e900 the extracted gateway value from the xml file is used as an argument to /etc/config-tools/config_default_gateway number=0 state=enabled value=<contents of gateway node> using sprintf(). This command is later executed via a call to system().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5170 HIGH

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e87c the extracted hostname value from the xml file is used as an argument to /etc/config-tools/change_hostname hostname=<contents of hostname node> using sprintf(). This command is later executed via a call to system().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5171 HIGH

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=<contents of ip node> using sprintf().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5172 HIGH

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is used as an argument to /etc/config-tools/config_sntp time-server-%d=<contents of ntp node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many ntp entries will be parsed from the xml file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5173 HIGH

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). This command is later executed via a call to system().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5174 HIGH

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e9fc the extracted subnetmask value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=<contents of subnetmask node> using sprintf(). This command is later executed via a call to system().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5175 HIGH

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1ea28 the extracted type value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled config-type=<contents of type node> using sprintf(). This command is later executed via a call to system().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5176 LOW

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len(‘/etc/config-tools/config_default_gateway number=0 state=enabled value=‘) in length. A gateway value of length 0x7e2 will cause the service to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5177 LOW

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len(‘/etc/config-tools/edit_dns_server domain-name=‘) in length. A domainname value of length 0x3fa will cause the service to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5178 MEDIUM

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any hostname values that are greater than 1024-len(‘/etc/config-tools/change_hostname hostname=‘) in length. A hostname value of length 0x3fd will cause the service to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5179 MEDIUM

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5180 MEDIUM

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any ip values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=‘) in length. A ip value of length 0x3da will cause the service to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5181 MEDIUM

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=‘) in length. A subnetmask value of length 0x3d9 will cause the service to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5182 LOW

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x440 is overflowed with the call to sprintf() for any type values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled config-type=‘) in length. A type value of length 0x3d9 will cause the service to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5184 MEDIUM

An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5185 MEDIUM

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len("/etc/config-tools/config_interfaces interface=X1 state=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An state value of length 0x3c9 will cause the service to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2019-5186 MEDIUM

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=<contents of interface element> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len("/etc/config-tools/config_interfaces interface=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-787,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.02.02(14)
CVE-2020-12069

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

Products Affected

Vendor Product Version
wago 762-4203/8000-001_firmware *
wago 750-8207_firmware *
codesys control_v3_runtime_system_toolkit *
wago 750-8203_firmware *
wago 762-4204/8000-001_firmware *
wago 762-4301/8000-002_firmware *
festo controller_cecc-d_firmware 2.3.8.1
wago 762-5303/8000-002_firmware *
wago 762-5305/8000-002_firmware *
wago 762-5306/8000-002_firmware *
wago 750-8215_firmware *
festo controller_cecc-s_firmware 2.3.8.1
festo controller_cecc-lk_firmware 2.3.8.0
festo controller_cecc-s_firmware 2.3.8.0
codesys control_for_pfc200 *
wago 750-8102_firmware *
codesys hmi_v3 *
wago 762-4202/8000-001_firmware *
wago 762-6301/8000-002_firmware *
wago 750-8216_firmware *
wago 762-4206/8000-001_firmware *
codesys control_for_pfc100 *
wago 762-4206/8000-002_firmware *
wago 762-5205/8000-001_firmware *
codesys control_for_beaglebone *
wago 762-6302/8000-002_firmware *
codesys control_rte_v3 *
codesys v3_simulation_runtime *
codesys control_for_empc-a/imx6 *
wago 762-5203/8000-001_firmware *
wago 762-4304/8000-002_firmware *
wago 752-8303/8000-0002_firmware *
codesys control_for_plcnext *
wago 762-5204/8000-001_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
festo controller_cecc-lk_firmware 2.3.8.1
wago 762-6202/8000-001_firmware *
codesys control_win_v3 *
codesys control_for_linux *
wago 762-6304/8000-002_firmware *
wago 750-8206_firmware *
wago 762-5206/8000-001_firmware *
wago 762-6303/8000-002_firmware *
wago 750-8100_firmware *
wago 750-8212_firmware *
pilz pmc *
wago 762-4303/8000-002_firmware *
wago 762-5304/8000-002_firmware *
wago 750-8217_firmware -
wago 762-6204/8000-001_firmware *
wago 762-4302/8000-002_firmware *
wago 762-4305/8000-002_firmware *
festo controller_cecc-d_firmware 2.3.8.0
wago 750-8204_firmware *
wago 750-8101_firmware *
wago 762-6203/8000-001_firmware *
wago 750-8213_firmware *
wago 762-4306/8000-002_firmware *
wago 762-6201/8000-001_firmware *
wago 750-8211_firmware *
wago 762-4205/8000-002_firmware *
wago 762-4205/8000-001_firmware *
codesys control_for_iot2000 *
codesys control_for_raspberry_pi *
wago 750-8210_firmware *
wago 762-4201/8000-001_firmware *
CVE-2020-12505 MEDIUM

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2
info@cert.vde.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
wago 750-889_firmware *
wago 750-885_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-852_firmware *
wago 750-881_firmware *
wago 750-880_firmware *
CVE-2020-12506 MEDIUM

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
wago 750-823_firmware *
wago 750-362_firmware *
wago 750-890_firmware *
wago 750-891_firmware *
wago 750-862_firmware *
wago 750-832_firmware *
wago 750-363_firmware *
CVE-2020-12516 MEDIUM

Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
wago 750-352_firmware *
wago 750-829_firmware *
wago 750-331_firmware *
wago 750-889_firmware *
wago 750-885_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-852_firmware *
wago 750-881_firmware *
wago 750-880_firmware *
CVE-2020-12522 HIGH

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
wago touch_panel_600_marine_firmware *
wago touch_panel_600_standard_firmware *
wago pfc_200_firmware *
wago touch_panel_600_advanced_firmware *
wago pfc_100_firmware *
CVE-2020-12525 MEDIUM

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
info@cert.vde.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
pepperl-fuchs io-link_master_firmware *
emerson rosemount_transmitter_interface_software -
wago fdtcontainer_component *
pepperl-fuchs pactware *
wago dtminspector_3 -
wago fdtcontainer_application *
weidmueller wi_manager *
CVE-2020-6090 HIGH

An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-345,

Products Affected

Vendor Product Version
wago pfc200_firmware 03.03.10(15)
CVE-2020-8597 HIGH

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
wago pfc_firmware *
debian debian_linux 10.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 12.04
point-to-point_protocol_project point-to-point_protocol *
debian debian_linux 9.0
canonical ubuntu_linux 14.04
CVE-2021-20993 MEDIUM

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
wago 0852-1505/000-001_firmware *
wago 0852-1505_firmware *
wago 0852-1305_firmware *
wago 0852-0303_firmware *
wago 0852-1305/000-001_firmware *
CVE-2021-20994 MEDIUM

In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
wago 0852-1505/000-001_firmware *
wago 0852-1505_firmware *
wago 0852-1305_firmware *
wago 0852-0303_firmware *
wago 0852-1305/000-001_firmware *
CVE-2021-20995 MEDIUM

In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,CWE-312,

Products Affected

Vendor Product Version
wago 0852-1505/000-001_firmware *
wago 0852-1505_firmware *
wago 0852-1305_firmware *
wago 0852-0303_firmware *
wago 0852-1305/000-001_firmware *
CVE-2021-20996 MEDIUM

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
wago 0852-1505/000-001_firmware *
wago 0852-1505_firmware *
wago 0852-1305_firmware *
wago 0852-0303_firmware *
wago 0852-1305/000-001_firmware *
CVE-2021-20997 MEDIUM

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
wago 0852-1505/000-001_firmware *
wago 0852-1505_firmware *
wago 0852-1305_firmware *
wago 0852-0303_firmware *
wago 0852-1305/000-001_firmware *
CVE-2021-20998 HIGH

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
info@cert.vde.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
wago 0852-1505/000-001_firmware *
wago 0852-1505_firmware *
wago 0852-1305_firmware *
wago 0852-0303_firmware *
wago 0852-1305/000-001_firmware *
CVE-2021-21000 MEDIUM

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,CWE-770,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-21001 MEDIUM

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
info@cert.vde.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-30186 MEDIUM

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
codesys plcwinnt *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
codesys runtime_toolkit *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-30187 MEDIUM

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
codesys runtime_toolkit *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-30188 HIGH

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
codesys v2_runtime_system_sp *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-30189 HIGH

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
codesys v2_web_server *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-30190 HIGH

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
codesys v2_web_server *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-30191 MEDIUM

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
codesys v2_web_server *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-30192 HIGH

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
codesys v2_web_server *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-30193 HIGH

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
codesys v2_web_server *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-30194 MEDIUM

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
codesys v2_web_server *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-30195 MEDIUM

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
codesys plcwinnt *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
codesys runtime_toolkit *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-34566

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.

Products Affected

Vendor Product Version
wago 750-8202/025-000_firmware *
wago 762-4103_firmware *
wago 762-4203/8000-001_firmware *
wago 762-4301/8000-002_firmware *
wago 750-8202/000-012_firmware *
wago 762-4204/8000-001_firmware 18
wago 750-8202/040-000_firmware *
wago 762-4104_firmware *
wago 762-4202/8000-001_firmware *
wago 762-4203/8000-001_firmware 18
wago 762-5206/8000-001_firmware 18
wago 750-8202/040-000_firmware 18
wago 762-4301/8000-002_firmware 18
wago 762-4206/8000-001_firmware *
wago 762-4206/8000-002_firmware *
wago 762-5205/8000-001_firmware *
wago 762-5306/8000-002_firmware 18
wago 750-8202/000-022_firmware *
wago 762-6302/8000-002_firmware *
wago 750-8101_firmware 18
wago 762-4205/8000-001_firmware 18
wago 750-8202/000-011_firmware *
wago 762-4101_firmware 18
wago 762-4304/8000-002_firmware *
wago 762-5204/8000-001_firmware *
wago 750-8202_firmware *
wago 762-6202/8000-001_firmware *
wago 762-5206/8000-001_firmware *
wago 762-6303/8000-002_firmware *
wago 750-8100_firmware *
wago 762-4101_firmware *
wago 762-4103_firmware 18
wago 762-4202/8000-001_firmware 18
wago 762-4205/8000-002_firmware 18
wago 762-6202/8000-001_firmware 18
wago 762-5203/8000-001_firmware 18
wago 762-5304/8000-002_firmware 18
wago 762-6204/8000-001_firmware *
wago 750-8202/000-011_firmware 18
wago 762-4302/8000-002_firmware *
wago 762-4305/8000-002_firmware *
wago 762-5303/8000-002_firmware 18
wago 750-8202/000-012_firmware 18
wago 762-6304/8000-002_firmware 18
wago 750-8202_firmware 18
wago 750-8101/025-000_firmware 18
wago 762-4302/8000-002_firmware 18
wago 762-4104_firmware 18
wago 750-8202/000-022_firmware 18
wago 762-4306/8000-002_firmware 18
wago 752-8303/8000-002_firmware 18
wago 762-6201/8000-001_firmware *
wago 762-4205/8000-002_firmware *
wago 750-8102_firmware 18
wago 762-4201/8000-001_firmware 18
wago 762-4304/8000-002_firmware 18
wago 762-6302/8000-002_firmware 18
wago 762-4205/8000-001_firmware *
wago 750-8102/025-000_firmware *
wago 762-4206/8000-001_firmware 18
wago 762-4204/8000-001_firmware *
wago 752-8303/8000-002_firmware *
wago 750-8202/025-001_firmware *
wago 762-5303/8000-002_firmware *
wago 762-5305/8000-002_firmware *
wago 762-5306/8000-002_firmware *
wago 762-6204/8000-001_firmware 18
wago 750-8102_firmware *
wago 750-8202/025-001_firmware 18
wago 762-6301/8000-002_firmware *
wago 762-6303/8000-002_firmware 18
wago 762-4305/8000-002_firmware 18
wago 750-8202/040-001_firmware 18
wago 762-5204/8000-001_firmware 18
wago 762-5203/8000-001_firmware *
wago 762-5205/8000-001_firmware 18
wago 762-6301/8000-002_firmware 18
wago 750-8202/025-000_firmware 18
wago 762-6203/8000-001_firmware 18
wago 750-8202/025-002_firmware 18
wago 762-4102_firmware 18
wago 762-4102_firmware *
wago 762-6304/8000-002_firmware *
wago 750-8101/025-000_firmware *
wago 762-5305/8000-002_firmware 18
wago 762-4206/8000-002_firmware 18
wago 762-6201/8000-001_firmware 18
wago 762-4303/8000-002_firmware *
wago 762-5304/8000-002_firmware *
wago 750-8202/040-001_firmware *
wago 750-8101_firmware *
wago 750-8202/025-002_firmware *
wago 762-6203/8000-001_firmware *
wago 762-4303/8000-002_firmware 18
wago 762-4306/8000-002_firmware *
wago 750-8100_firmware 18
wago 750-8102/025-000_firmware 18
wago 762-4201/8000-001_firmware *
CVE-2021-34567

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read.

Products Affected

Vendor Product Version
wago 750-8202/025-000_firmware *
wago 762-4103_firmware *
wago 762-4203/8000-001_firmware *
wago 762-4301/8000-002_firmware *
wago 750-8202/000-012_firmware *
wago 762-4204/8000-001_firmware 18
wago 750-8202/040-000_firmware *
wago 762-4104_firmware *
wago 762-4202/8000-001_firmware *
wago 762-4203/8000-001_firmware 18
wago 762-5206/8000-001_firmware 18
wago 750-8202/040-000_firmware 18
wago 762-4301/8000-002_firmware 18
wago 762-4206/8000-001_firmware *
wago 762-4206/8000-002_firmware *
wago 762-5205/8000-001_firmware *
wago 762-5306/8000-002_firmware 18
wago 750-8202/000-022_firmware *
wago 762-6302/8000-002_firmware *
wago 750-8101_firmware 18
wago 762-4205/8000-001_firmware 18
wago 750-8202/000-011_firmware *
wago 762-4101_firmware 18
wago 762-4304/8000-002_firmware *
wago 762-5204/8000-001_firmware *
wago 750-8202_firmware *
wago 762-6202/8000-001_firmware *
wago 762-5206/8000-001_firmware *
wago 762-6303/8000-002_firmware *
wago 750-8100_firmware *
wago 762-4101_firmware *
wago 762-4103_firmware 18
wago 762-4202/8000-001_firmware 18
wago 762-4205/8000-002_firmware 18
wago 762-6202/8000-001_firmware 18
wago 762-5203/8000-001_firmware 18
wago 762-5304/8000-002_firmware 18
wago 762-6204/8000-001_firmware *
wago 750-8202/000-011_firmware 18
wago 762-4302/8000-002_firmware *
wago 762-4305/8000-002_firmware *
wago 762-5303/8000-002_firmware 18
wago 750-8202/000-012_firmware 18
wago 762-6304/8000-002_firmware 18
wago 750-8202_firmware 18
wago 750-8101/025-000_firmware 18
wago 762-4302/8000-002_firmware 18
wago 762-4104_firmware 18
wago 750-8202/000-022_firmware 18
wago 762-4306/8000-002_firmware 18
wago 752-8303/8000-002_firmware 18
wago 762-6201/8000-001_firmware *
wago 762-4205/8000-002_firmware *
wago 750-8102_firmware 18
wago 762-4201/8000-001_firmware 18
wago 762-4304/8000-002_firmware 18
wago 762-6302/8000-002_firmware 18
wago 762-4205/8000-001_firmware *
wago 750-8102/025-000_firmware *
wago 762-4206/8000-001_firmware 18
wago 762-4204/8000-001_firmware *
wago 752-8303/8000-002_firmware *
wago 750-8202/025-001_firmware *
wago 762-5303/8000-002_firmware *
wago 762-5305/8000-002_firmware *
wago 762-5306/8000-002_firmware *
wago 762-6204/8000-001_firmware 18
wago 750-8102_firmware *
wago 750-8202/025-001_firmware 18
wago 762-6301/8000-002_firmware *
wago 762-6303/8000-002_firmware 18
wago 762-4305/8000-002_firmware 18
wago 750-8202/040-001_firmware 18
wago 762-5204/8000-001_firmware 18
wago 762-5203/8000-001_firmware *
wago 762-5205/8000-001_firmware 18
wago 762-6301/8000-002_firmware 18
wago 750-8202/025-000_firmware 18
wago 762-6203/8000-001_firmware 18
wago 750-8202/025-002_firmware 18
wago 762-4102_firmware 18
wago 762-4102_firmware *
wago 762-6304/8000-002_firmware *
wago 750-8101/025-000_firmware *
wago 762-5305/8000-002_firmware 18
wago 762-4206/8000-002_firmware 18
wago 762-6201/8000-001_firmware 18
wago 762-4303/8000-002_firmware *
wago 762-5304/8000-002_firmware *
wago 750-8202/040-001_firmware *
wago 750-8101_firmware *
wago 750-8202/025-002_firmware *
wago 762-6203/8000-001_firmware *
wago 762-4303/8000-002_firmware 18
wago 762-4306/8000-002_firmware *
wago 750-8100_firmware 18
wago 750-8102/025-000_firmware 18
wago 762-4201/8000-001_firmware *
CVE-2021-34568

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.

Products Affected

Vendor Product Version
wago 750-8202/025-000_firmware *
wago 762-4103_firmware *
wago 762-4203/8000-001_firmware *
wago 762-4301/8000-002_firmware *
wago 750-8202/000-012_firmware *
wago 762-4204/8000-001_firmware 18
wago 750-8202/040-000_firmware *
wago 762-4104_firmware *
wago 762-4202/8000-001_firmware *
wago 762-4203/8000-001_firmware 18
wago 762-5206/8000-001_firmware 18
wago 750-8202/040-000_firmware 18
wago 762-4301/8000-002_firmware 18
wago 762-4206/8000-001_firmware *
wago 762-4206/8000-002_firmware *
wago 762-5205/8000-001_firmware *
wago 762-5306/8000-002_firmware 18
wago 750-8202/000-022_firmware *
wago 762-6302/8000-002_firmware *
wago 750-8101_firmware 18
wago 762-4205/8000-001_firmware 18
wago 750-8202/000-011_firmware *
wago 762-4101_firmware 18
wago 762-4304/8000-002_firmware *
wago 762-5204/8000-001_firmware *
wago 750-8202_firmware *
wago 762-6202/8000-001_firmware *
wago 762-5206/8000-001_firmware *
wago 762-6303/8000-002_firmware *
wago 750-8100_firmware *
wago 762-4101_firmware *
wago 762-4103_firmware 18
wago 762-4202/8000-001_firmware 18
wago 762-4205/8000-002_firmware 18
wago 762-6202/8000-001_firmware 18
wago 762-5203/8000-001_firmware 18
wago 762-5304/8000-002_firmware 18
wago 762-6204/8000-001_firmware *
wago 750-8202/000-011_firmware 18
wago 762-4302/8000-002_firmware *
wago 762-4305/8000-002_firmware *
wago 762-5303/8000-002_firmware 18
wago 750-8202/000-012_firmware 18
wago 762-6304/8000-002_firmware 18
wago 750-8202_firmware 18
wago 750-8101/025-000_firmware 18
wago 762-4302/8000-002_firmware 18
wago 762-4104_firmware 18
wago 750-8202/000-022_firmware 18
wago 762-4306/8000-002_firmware 18
wago 752-8303/8000-002_firmware 18
wago 762-6201/8000-001_firmware *
wago 762-4205/8000-002_firmware *
wago 750-8102_firmware 18
wago 762-4201/8000-001_firmware 18
wago 762-4304/8000-002_firmware 18
wago 762-6302/8000-002_firmware 18
wago 762-4205/8000-001_firmware *
wago 750-8102/025-000_firmware *
wago 762-4206/8000-001_firmware 18
wago 762-4204/8000-001_firmware *
wago 752-8303/8000-002_firmware *
wago 750-8202/025-001_firmware *
wago 762-5303/8000-002_firmware *
wago 762-5305/8000-002_firmware *
wago 762-5306/8000-002_firmware *
wago 762-6204/8000-001_firmware 18
wago 750-8102_firmware *
wago 750-8202/025-001_firmware 18
wago 762-6301/8000-002_firmware *
wago 762-6303/8000-002_firmware 18
wago 762-4305/8000-002_firmware 18
wago 750-8202/040-001_firmware 18
wago 762-5204/8000-001_firmware 18
wago 762-5203/8000-001_firmware *
wago 762-5205/8000-001_firmware 18
wago 762-6301/8000-002_firmware 18
wago 750-8202/025-000_firmware 18
wago 762-6203/8000-001_firmware 18
wago 750-8202/025-002_firmware 18
wago 762-4102_firmware 18
wago 762-4102_firmware *
wago 762-6304/8000-002_firmware *
wago 750-8101/025-000_firmware *
wago 762-5305/8000-002_firmware 18
wago 762-4206/8000-002_firmware 18
wago 762-6201/8000-001_firmware 18
wago 762-4303/8000-002_firmware *
wago 762-5304/8000-002_firmware *
wago 750-8202/040-001_firmware *
wago 750-8101_firmware *
wago 750-8202/025-002_firmware *
wago 762-6203/8000-001_firmware *
wago 762-4303/8000-002_firmware 18
wago 762-4306/8000-002_firmware *
wago 750-8100_firmware 18
wago 750-8102/025-000_firmware 18
wago 762-4201/8000-001_firmware *
CVE-2021-34569

In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.

Products Affected

Vendor Product Version
wago 750-8202/025-000_firmware *
wago 762-4103_firmware *
wago 762-4203/8000-001_firmware *
wago 762-4301/8000-002_firmware *
wago 750-8202/000-012_firmware *
wago 762-4204/8000-001_firmware 18
wago 750-8202/040-000_firmware *
wago 762-4104_firmware *
wago 762-4202/8000-001_firmware *
wago 762-4203/8000-001_firmware 18
wago 762-5206/8000-001_firmware 18
wago 750-8202/040-000_firmware 18
wago 762-4301/8000-002_firmware 18
wago 762-4206/8000-001_firmware *
wago 762-4206/8000-002_firmware *
wago 762-5205/8000-001_firmware *
wago 762-5306/8000-002_firmware 18
wago 750-8202/000-022_firmware *
wago 762-6302/8000-002_firmware *
wago 750-8101_firmware 18
wago 762-4205/8000-001_firmware 18
wago 750-8202/000-011_firmware *
wago 762-4101_firmware 18
wago 762-4304/8000-002_firmware *
wago 762-5204/8000-001_firmware *
wago 750-8202_firmware *
wago 762-6202/8000-001_firmware *
wago 762-5206/8000-001_firmware *
wago 762-6303/8000-002_firmware *
wago 750-8100_firmware *
wago 762-4101_firmware *
wago 762-4103_firmware 18
wago 762-4202/8000-001_firmware 18
wago 762-4205/8000-002_firmware 18
wago 762-6202/8000-001_firmware 18
wago 762-5203/8000-001_firmware 18
wago 762-5304/8000-002_firmware 18
wago 762-6204/8000-001_firmware *
wago 750-8202/000-011_firmware 18
wago 762-4302/8000-002_firmware *
wago 762-4305/8000-002_firmware *
wago 762-5303/8000-002_firmware 18
wago 750-8202/000-012_firmware 18
wago 762-6304/8000-002_firmware 18
wago 750-8202_firmware 18
wago 750-8101/025-000_firmware 18
wago 762-4302/8000-002_firmware 18
wago 762-4104_firmware 18
wago 750-8202/000-022_firmware 18
wago 762-4306/8000-002_firmware 18
wago 752-8303/8000-002_firmware 18
wago 762-6201/8000-001_firmware *
wago 762-4205/8000-002_firmware *
wago 750-8102_firmware 18
wago 762-4201/8000-001_firmware 18
wago 762-4304/8000-002_firmware 18
wago 762-6302/8000-002_firmware 18
wago 762-4205/8000-001_firmware *
wago 750-8102/025-000_firmware *
wago 762-4206/8000-001_firmware 18
wago 762-4204/8000-001_firmware *
wago 752-8303/8000-002_firmware *
wago 750-8202/025-001_firmware *
wago 762-5303/8000-002_firmware *
wago 762-5305/8000-002_firmware *
wago 762-5306/8000-002_firmware *
wago 762-6204/8000-001_firmware 18
wago 750-8102_firmware *
wago 750-8202/025-001_firmware 18
wago 762-6301/8000-002_firmware *
wago 762-6303/8000-002_firmware 18
wago 762-4305/8000-002_firmware 18
wago 750-8202/040-001_firmware 18
wago 762-5204/8000-001_firmware 18
wago 762-5203/8000-001_firmware *
wago 762-5205/8000-001_firmware 18
wago 762-6301/8000-002_firmware 18
wago 750-8202/025-000_firmware 18
wago 762-6203/8000-001_firmware 18
wago 750-8202/025-002_firmware 18
wago 762-4102_firmware 18
wago 762-4102_firmware *
wago 762-6304/8000-002_firmware *
wago 750-8101/025-000_firmware *
wago 762-5305/8000-002_firmware 18
wago 762-4206/8000-002_firmware 18
wago 762-6201/8000-001_firmware 18
wago 762-4303/8000-002_firmware *
wago 762-5304/8000-002_firmware *
wago 750-8202/040-001_firmware *
wago 750-8101_firmware *
wago 750-8202/025-002_firmware *
wago 762-6203/8000-001_firmware *
wago 762-4303/8000-002_firmware 18
wago 762-4306/8000-002_firmware *
wago 750-8100_firmware 18
wago 750-8102/025-000_firmware 18
wago 762-4201/8000-001_firmware *
CVE-2021-34578 MEDIUM

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
wago 750-890/025-000_firmware *
wago 750-832/000-002_firmware *
wago 750-890/040-000_firmware *
wago 750-893_firmware *
wago 750-862_firmware *
wago 750-890/025-002_firmware *
wago 750-823_firmware *
wago 750-362_firmware *
wago 750-890/025-001_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-363_firmware *
CVE-2021-34581 HIGH

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-772,CWE-772,

Products Affected

Vendor Product Version
wago 750-889_firmware *
wago 750-880/040-000_firmware *
wago 750-880/025-002_firmware *
wago 750-831/000-002_firmware *
wago 750-880/025-000_firmware *
wago 750-831_firmware *
wago 750-880/025-001_firmware *
wago 750-881_firmware *
wago 750-880_firmware *
CVE-2021-34583 MEDIUM

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
codesys codesys *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-34584 MEDIUM

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
codesys codesys *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-34585 MEDIUM

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-252,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
codesys codesys *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-34586 MEDIUM

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
codesys codesys *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-34593 MEDIUM

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
wago 750-8216_firmware *
wago 750-8207_firmware *
codesys plcwinnt *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-8204_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8212_firmware *
wago 750-8211_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
codesys runtime_toolkit *
wago 750-8217_firmware *
CVE-2021-34595 MEDIUM

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2
info@cert.vde.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-823,CWE-119,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
codesys plcwinnt *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
codesys runtime_toolkit *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
codesys codesys *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2021-34596 MEDIUM

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,

Products Affected

Vendor Product Version
wago 750-8207_firmware *
codesys plcwinnt *
wago 750-8203_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-880_firmware *
wago 750-8212_firmware *
wago 750-823_firmware *
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
codesys runtime_toolkit *
wago 750-8217_firmware *
wago 750-8216_firmware *
wago 750-829_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-893_firmware *
wago 750-8204_firmware *
wago 750-881_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8211_firmware *
wago 750-831_firmware *
codesys codesys *
wago 750-882_firmware *
wago 750-8210_firmware *
wago 750-8202_firmware *
wago 750-8214_firmware *
CVE-2022-22511 LOW

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
wago 750-8202/025-000_firmware *
wago 762-6304/8000-002_firmware *
wago 752-8303/8000-002_firmware *
wago 750-8202/025-001_firmware *
wago 762-5305/8000-002_firmware *
wago 750-8101/025-000_firmware *
wago 750-8202/000-012_firmware *
wago 762-5206/8000-001_firmware *
wago 762-6303/8000-002_firmware *
wago 762-5306/8000-002_firmware *
wago 750-8100_firmware *
wago 750-8102_firmware *
wago 762-6301/8000-002_firmware *
wago 762-4305/8000-002_firmware *
wago 762-4206/8000-002_firmware *
wago 750-82_firmware *
wago 762-5205/8000-001_firmware *
wago 750-8101_firmware *
wago 750-8202/000-022_firmware *
wago 762-6302/8000-002_firmware *
wago 762-4306/8000-002_firmware *
wago 762-4205/8000-002_firmware *
wago 751-9301_firmware *
wago 750-8202_firmware *
wago 750-8102/025-000_firmware *
CVE-2022-3281

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
wago 762-4103_firmware *
wago 762-4203/8000-001_firmware *
wago 750-8213/040-010_firmware *
wago 750-8207_firmware *
wago 750-8212/025-001_firmware *
wago 762-4204/8000-001_firmware *
wago 762-4301/8000-002_firmware *
wago 752-8303/8000-002_firmware *
wago 762-5303/8000-002_firmware *
wago 762-5305/8000-002_firmware *
wago 750-8202/000-012_firmware *
wago 762-5306/8000-002_firmware *
wago 750-8215_firmware *
wago 750-8212/040-001_firmware *
wago 750-8216/040-000_firmware *
wago 750-8212/040-000_firmware *
wago 750-8102_firmware *
wago 750-8202/040-000_firmware *
wago 762-4104_firmware *
wago 762-4202/8000-001_firmware *
wago 762-6301/8000-002_firmware *
wago 750-8216_firmware *
wago 762-4206/8000-001_firmware *
wago 762-5205/8000-001_firmware *
wago 750-8216/025-000_firmware *
wago 750-8202/000-022_firmware *
wago 750-8217/025-000_firmware *
wago 762-6302/8000-002_firmware *
wago 750-8216/025-001_firmware *
wago 750-8206/025-000_firmware *
wago 762-5203/8000-001_firmware *
wago 750-8202/000-011_firmware *
wago 750-8207/025-000_firmware *
wago 762-4304/8000-002_firmware *
wago 762-5204/8000-001_firmware *
wago 750-8214_firmware *
wago 762-6202/8000-001_firmware *
wago 762-4102_firmware *
wago 762-6304/8000-002_firmware *
wago 750-8211/040-000_firmware *
wago 750-8212/025-002_firmware *
wago 750-8206_firmware *
wago 750-8101/025-000_firmware *
wago 750-8210/040-000_firmware *
wago 750-8212/040-010_firmware *
wago 762-5206/8000-001_firmware *
wago 762-6303/8000-002_firmware *
wago 750-8100_firmware *
wago 750-8212_firmware *
wago 750-8208/025-000_firmware *
wago 762-4101_firmware *
wago 750-8217/600-000_firmware *
wago 762-4303/8000-002_firmware *
wago 762-5304/8000-002_firmware *
wago 750-8206/025-001_firmware *
wago 750-8217_firmware *
wago 762-6204/8000-001_firmware *
wago 762-4302/8000-002_firmware *
wago 750-8212/000-100_firmware *
wago 750-8101/000-010_firmware *
wago 750-8101_firmware *
wago 750-8206/040-000_firmware *
wago 762-6203/8000-001_firmware *
wago 750-8206/040-001_firmware *
wago 750-8217/625-000_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 762-6201/8000-001_firmware *
wago 750-8211_firmware *
wago 750-8212/025-000_firmware *
wago 750-8207/025-001_firmware *
wago 750-8210/025-000_firmware *
wago 751-9301_firmware *
wago 750-8208/025-001_firmware *
wago 762-4205/8000-001_firmware *
wago 750-8210_firmware *
wago 762-4201/8000-001_firmware *
wago 750-8102/025-000_firmware *
CVE-2022-3738

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

Products Affected

Vendor Product Version
wago touch_panel_600_marine_firmware *
wago cc100_firmware *
wago pfc100_firmware *
wago edge_controller_firmware *
wago touch_panel_600_standard_firmware *
wago pfc200_firmware *
wago touch_panel_600_advanced_firmware *
CVE-2022-3843

In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2
info@cert.vde.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
wago 852-111/000-001_firmware 01
CVE-2022-45137

The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
wago touch_panel_600_marine_firmware *
wago pfc100_firmware *
wago 752-8303/8000-002_firmware 22
wago 752-8303/8000-002_firmware *
wago touch_panel_600_standard_firmware *
wago touch_panel_600_standard_firmware 23
wago pfc200_firmware *
wago touch_panel_600_advanced_firmware *
wago pfc100_firmware 23
wago 751-9301_firmware 23
wago pfc200_firmware 22
wago 751-9301_firmware 22
wago pfc100_firmware 22
wago 752-8303/8000-002_firmware 23
wago pfc200_firmware 23
wago touch_panel_600_marine_firmware 23
wago 751-9301_firmware *
wago touch_panel_600_advanced_firmware 23
wago touch_panel_600_marine_firmware 22
wago touch_panel_600_standard_firmware 22
wago touch_panel_600_advanced_firmware 22
CVE-2022-45138

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
wago touch_panel_600_marine_firmware *
wago pfc100_firmware *
wago 752-8303/8000-002_firmware 22
wago 752-8303/8000-002_firmware *
wago touch_panel_600_standard_firmware *
wago touch_panel_600_standard_firmware 23
wago pfc200_firmware *
wago touch_panel_600_advanced_firmware *
wago pfc100_firmware 23
wago 751-9301_firmware 23
wago pfc200_firmware 22
wago 751-9301_firmware 22
wago pfc100_firmware 22
wago 752-8303/8000-002_firmware 23
wago pfc200_firmware 23
wago touch_panel_600_marine_firmware 23
wago 751-9301_firmware *
wago touch_panel_600_advanced_firmware 23
wago touch_panel_600_marine_firmware 22
wago touch_panel_600_standard_firmware 22
wago touch_panel_600_advanced_firmware 22
CVE-2022-45139

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
wago touch_panel_600_marine_firmware *
wago pfc100_firmware *
wago 752-8303/8000-002_firmware 22
wago 752-8303/8000-002_firmware *
wago touch_panel_600_standard_firmware *
wago touch_panel_600_standard_firmware 23
wago pfc200_firmware *
wago touch_panel_600_advanced_firmware *
wago pfc100_firmware 23
wago 751-9301_firmware 23
wago pfc200_firmware 22
wago 751-9301_firmware 22
wago pfc100_firmware 22
wago 752-8303/8000-002_firmware 23
wago pfc200_firmware 23
wago touch_panel_600_marine_firmware 23
wago 751-9301_firmware *
wago touch_panel_600_advanced_firmware 23
wago touch_panel_600_marine_firmware 22
wago touch_panel_600_standard_firmware 22
wago touch_panel_600_advanced_firmware 22
CVE-2022-45140

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
wago touch_panel_600_marine_firmware *
wago pfc100_firmware *
wago 752-8303/8000-002_firmware 22
wago 752-8303/8000-002_firmware *
wago touch_panel_600_standard_firmware *
wago touch_panel_600_standard_firmware 23
wago pfc200_firmware *
wago touch_panel_600_advanced_firmware *
wago pfc100_firmware 23
wago 751-9301_firmware 23
wago pfc200_firmware 22
wago 751-9301_firmware 22
wago pfc100_firmware 22
wago 752-8303/8000-002_firmware 23
wago pfc200_firmware 23
wago touch_panel_600_marine_firmware 23
wago 751-9301_firmware *
wago touch_panel_600_advanced_firmware 23
wago touch_panel_600_marine_firmware 22
wago touch_panel_600_standard_firmware 22
wago touch_panel_600_advanced_firmware 22
CVE-2023-1150

Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
wago 750-890/025-000_firmware *
wago 750-832/000-002_firmware *
wago 750-362/040-000_firmware *
wago 750-890_firmware *
wago 750-890/040-000_firmware *
wago 750-893_firmware *
wago 750-862_firmware *
wago 750-890/025-002_firmware *
wago 750-363/040-000_firmware *
wago 750-823_firmware *
wago 750-365/040-010_firmware *
wago 750-362_firmware *
wago 750-890/025-001_firmware *
wago 750-891_firmware *
wago 750-364/040-010_firmware *
wago 750-832_firmware *
wago 750-363_firmware *
wago 750-362/000-001_firmware *
CVE-2023-1619

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
wago 750-8202/025-000_firmware *
wago 750-8213/040-010_firmware *
wago 750-8207_firmware *
wago 750-880/040-000_firmware *
wago 750-8212/025-002_firmware fw22
wago 750-8208/025-000_firmware fw22
wago 750-8203_firmware *
wago 750-8203_firmware fw22
wago 750-8202/000-012_firmware *
wago 750-8202/025-001_firmware fw22
wago 750-880_firmware *
wago 750-8215_firmware *
wago 750-8216/040-000_firmware *
wago 750-8202/040-000_firmware *
wago 750-8216_firmware *
wago 750-890/025-000_firmware *
wago 750-8211/040-000_firmware fw22
wago 750-8203/025-000_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8206/025-001_firmware fw22
wago 750-885/025-000_firmware *
wago 750-8216/040-000_firmware fw22
wago 750-890/025-002_firmware *
wago 750-8202/000-011_firmware fw22
wago 750-8202/000-022_firmware *
wago 750-8217/025-000_firmware *
wago 750-890/025-001_firmware *
wago 750-8202/000-011_firmware *
wago 750-8207/025-000_firmware *
wago 750-8210/040-000_firmware fw22
wago 750-8202_firmware *
wago 750-880/025-001_firmware *
wago 750-8207/025-000_firmware fw22
wago 750-8204/025-000_firmware fw22
wago 750-8216_firmware fw22
wago 750-832/000-002_firmware *
wago 750-862_firmware *
wago 750-8202/040-000_firmware fw22
wago 750-8217/025-000_firmware fw22
wago 750-8206/025-001_firmware *
wago 750-8212/025-001_firmware fw22
wago 750-8207/025-001_firmware fw22
wago 750-890/040-000_firmware *
wago 750-8217/625-000_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8217_firmware fw22
wago 750-8210/025-000_firmware *
wago 750-8202/000-012_firmware fw22
wago 750-880/025-000_firmware *
wago 750-8208/025-001_firmware *
wago 750-882_firmware *
wago 750-8204/025-000_firmware *
wago 750-8206/040-000_firmware fw22
wago 750-8211_firmware fw22
wago 750-8212/025-001_firmware *
wago 750-8213_firmware fw22
wago 750-8202/025-000_firmware fw22
wago 750-8206_firmware fw22
wago 750-8202/025-001_firmware *
wago 750-8211/040-001_firmware fw22
wago 750-8212/040-001_firmware *
wago 750-8203/025-000_firmware fw22
wago 750-8206/040-001_firmware fw22
wago 750-880/025-002_firmware *
wago 750-8212/040-000_firmware *
wago 750-8212/040-001_firmware fw22
wago 750-8207_firmware fw22
wago 750-8202/025-002_firmware fw22
wago 750-893_firmware *
wago 750-8216/025-000_firmware *
wago 750-8215_firmware fw22
wago 750-881_firmware *
wago 750-8212/040-000_firmware fw22
wago 750-8216/025-001_firmware *
wago 750-8202_firmware fw22
wago 750-8216/025-001_firmware fw22
wago 750-8206/025-000_firmware *
wago 750-831/000-002_firmware *
wago 750-8212/040-010_firmware fw22
wago 750-8206/025-000_firmware fw22
wago 750-8214_firmware *
wago 750-331_firmware *
wago 750-8202/000-022_firmware fw22
wago 750-8211/040-000_firmware *
wago 750-8210/025-000_firmware fw22
wago 750-8212/025-002_firmware *
wago 750-8206_firmware *
wago 750-8210/040-000_firmware *
wago 750-8212/040-010_firmware *
wago 750-8213/040-010_firmware fw22
wago 750-8212/025-000_firmware fw22
wago 750-8212_firmware *
wago 750-8208/025-000_firmware *
wago 750-823_firmware *
wago 750-8214_firmware fw22
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-8217/600-000_firmware *
wago 750-832_firmware *
wago 750-8217/625-000_firmware fw22
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-829_firmware *
wago 750-8208/025-001_firmware fw22
wago 750-8210_firmware fw22
wago 750-8208_firmware fw22
wago 750-8212/000-100_firmware *
wago 750-8216/025-000_firmware fw22
wago 750-8202/040-001_firmware *
wago 750-8204_firmware *
wago 750-8217/600-000_firmware fw22
wago 750-8202/025-002_firmware *
wago 750-8206/040-000_firmware *
wago 750-8206/040-001_firmware *
wago 750-8204_firmware fw22
wago 750-8212_firmware fw22
wago 750-8211_firmware *
wago 750-8211/040-001_firmware *
wago 750-8212/025-000_firmware *
wago 750-8207/025-001_firmware *
wago 750-831_firmware *
wago 750-8212/000-100_firmware fw22
wago 750-8210_firmware *
wago 750-8202/040-001_firmware fw22
CVE-2023-1620

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
wago 750-8202/025-000_firmware *
wago 750-8213/040-010_firmware *
wago 750-8207_firmware *
wago 750-880/040-000_firmware *
wago 750-8212/025-002_firmware fw22
wago 750-8208/025-000_firmware fw22
wago 750-8203_firmware *
wago 750-8203_firmware fw22
wago 750-8202/000-012_firmware *
wago 750-8202/025-001_firmware fw22
wago 750-880_firmware *
wago 750-8215_firmware *
wago 750-8216/040-000_firmware *
wago 750-8202/040-000_firmware *
wago 750-8216_firmware *
wago 750-890/025-000_firmware *
wago 750-8211/040-000_firmware fw22
wago 750-8203/025-000_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8206/025-001_firmware fw22
wago 750-885/025-000_firmware *
wago 750-8216/040-000_firmware fw22
wago 750-890/025-002_firmware *
wago 750-8202/000-011_firmware fw22
wago 750-8202/000-022_firmware *
wago 750-8217/025-000_firmware *
wago 750-890/025-001_firmware *
wago 750-8202/000-011_firmware *
wago 750-8207/025-000_firmware *
wago 750-8210/040-000_firmware fw22
wago 750-8202_firmware *
wago 750-880/025-001_firmware *
wago 750-8207/025-000_firmware fw22
wago 750-8204/025-000_firmware fw22
wago 750-8216_firmware fw22
wago 750-832/000-002_firmware *
wago 750-862_firmware *
wago 750-8202/040-000_firmware fw22
wago 750-8217/025-000_firmware fw22
wago 750-8206/025-001_firmware *
wago 750-8212/025-001_firmware fw22
wago 750-8207/025-001_firmware fw22
wago 750-890/040-000_firmware *
wago 750-8217/625-000_firmware *
wago 750-8208_firmware *
wago 750-8213_firmware *
wago 750-8217_firmware fw22
wago 750-8210/025-000_firmware *
wago 750-8202/000-012_firmware fw22
wago 750-880/025-000_firmware *
wago 750-8208/025-001_firmware *
wago 750-882_firmware *
wago 750-8204/025-000_firmware *
wago 750-8206/040-000_firmware fw22
wago 750-8211_firmware fw22
wago 750-8212/025-001_firmware *
wago 750-8213_firmware fw22
wago 750-8202/025-000_firmware fw22
wago 750-8206_firmware fw22
wago 750-8202/025-001_firmware *
wago 750-8211/040-001_firmware fw22
wago 750-8212/040-001_firmware *
wago 750-8203/025-000_firmware fw22
wago 750-8206/040-001_firmware fw22
wago 750-880/025-002_firmware *
wago 750-8212/040-000_firmware *
wago 750-8212/040-001_firmware fw22
wago 750-8207_firmware fw22
wago 750-8202/025-002_firmware fw22
wago 750-893_firmware *
wago 750-8216/025-000_firmware *
wago 750-8215_firmware fw22
wago 750-881_firmware *
wago 750-8212/040-000_firmware fw22
wago 750-8216/025-001_firmware *
wago 750-8202_firmware fw22
wago 750-8216/025-001_firmware fw22
wago 750-8206/025-000_firmware *
wago 750-831/000-002_firmware *
wago 750-8212/040-010_firmware fw22
wago 750-8206/025-000_firmware fw22
wago 750-8214_firmware *
wago 750-331_firmware *
wago 750-8202/000-022_firmware fw22
wago 750-8211/040-000_firmware *
wago 750-8210/025-000_firmware fw22
wago 750-8212/025-002_firmware *
wago 750-8206_firmware *
wago 750-8210/040-000_firmware *
wago 750-8212/040-010_firmware *
wago 750-8213/040-010_firmware fw22
wago 750-8212/025-000_firmware fw22
wago 750-8212_firmware *
wago 750-8208/025-000_firmware *
wago 750-823_firmware *
wago 750-8214_firmware fw22
wago 750-885_firmware *
wago 750-891_firmware *
wago 750-8217/600-000_firmware *
wago 750-832_firmware *
wago 750-8217/625-000_firmware fw22
wago 750-852_firmware *
wago 750-8217_firmware *
wago 750-829_firmware *
wago 750-8208/025-001_firmware fw22
wago 750-8210_firmware fw22
wago 750-8208_firmware fw22
wago 750-8212/000-100_firmware *
wago 750-8216/025-000_firmware fw22
wago 750-8202/040-001_firmware *
wago 750-8204_firmware *
wago 750-8217/600-000_firmware fw22
wago 750-8202/025-002_firmware *
wago 750-8206/040-000_firmware *
wago 750-8206/040-001_firmware *
wago 750-8204_firmware fw22
wago 750-8212_firmware fw22
wago 750-8211_firmware *
wago 750-8211/040-001_firmware *
wago 750-8212/025-000_firmware *
wago 750-8207/025-001_firmware *
wago 750-831_firmware *
wago 750-8212/000-100_firmware fw22
wago 750-8210_firmware *
wago 750-8202/040-001_firmware fw22
CVE-2023-1698

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
wago edge_controller_firmware 22
wago pfc100_firmware *
wago pfc200_firmware *
wago touch_panel_600_marine_firmware 22
wago touch_panel_600_standard_firmware 22
wago touch_panel_600_advanced_firmware 22
wago compact_controller_100_firmware *
CVE-2023-3379

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
wago touch_panel_600_marine_firmware *
wago pfc100_firmware 22
wago pfc200_firmware 23
wago pfc100_firmware *
wago edge_controller_firmware *
wago touch_panel_600_standard_firmware *
wago pfc200_firmware *
wago touch_panel_600_advanced_firmware *
wago pfc200_firmware 22
wago compact_controller_100_firmware *
wago pfc200_firmware 24
CVE-2023-4089

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

Products Affected

Vendor Product Version
wago touch_panel_600_marine_firmware *
wago pfc100_firmware *
wago edge_controller_firmware *
wago touch_panel_600_standard_firmware *
wago pfc200_firmware *
wago touch_panel_600_advanced_firmware *
wago compact_controller_100_firmware *
CVE-2023-4149

A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
wago 0852-0603_firmware *
wago 0852-1605_firmware *
wago 0852-0602_firmware *
CVE-2023-5188

The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
wago telecontrol_configurator *
wago wagoapprtu *
CVE-2025-41730

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
wago 0852-1328_firmware *
wago 0852-1322_firmware *
CVE-2025-41732

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
wago 0852-1328_firmware *
wago 0852-1322_firmware *