Filtered by vendor Wago
Subscribe
Total
95 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12549 | 1 Wago | 6 852-1305, 852-1305 Firmware, 852-1505 and 3 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key. | |||||
| CVE-2019-10953 | 5 Abb, Phoenixcontact, Schneider-electric and 2 more | 20 Pm554-tp-eth, Pm554-tp-eth Firmware, Ilc 151 Eth and 17 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. | |||||
| CVE-2019-10712 | 1 Wago | 32 750-330, 750-330 Firmware, 750-352 and 29 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. | |||||
| CVE-2019-12550 | 1 Wago | 6 852-1305, 852-1305 Firmware, 852-1505 and 3 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET. | |||||
| CVE-2018-16210 | 1 Wago | 2 Wago 750-881 Ethernet Controller Devices, Wago 750-881 Ethernet Controller Devices Firmware | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. | |||||
| CVE-2018-12980 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server. | |||||
| CVE-2018-12981 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user's browser. | |||||
| CVE-2018-12979 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM. | |||||
| CVE-2018-5459 | 1 Wago | 19 750-8202, 750-8202\/025-000, 750-8202\/025-001 and 16 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455. | |||||
| CVE-2018-8836 | 1 Wago | 16 750-829, 750-829 Firmware, 750-831 and 13 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools. | |||||
| CVE-2015-6473 | 1 Wago | 4 750-849, 750-849 Firmware, 758-870 and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. | |||||
| CVE-2015-6472 | 1 Wago | 6 750-849, 750-849 Firmware, 750-881 and 3 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. | |||||
| CVE-2016-9362 | 1 Wago | 7 750-8202, 750-881, 750-xxxx Series Firmware and 4 more | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. | |||||
| CVE-2012-3013 | 1 Wago | 1 Wago I\/o System 758 Industrial Pc Device | 2024-02-28 | 10.0 HIGH | N/A |
| WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session. | |||||
| CVE-2012-4879 | 1 Wago | 1 Wago I\/o System 758 Industrial Pc Device | 2024-02-28 | 10.0 HIGH | N/A |
| The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. | |||||