The vulnerability of CODESYS V3 microprogramming software for WAGO controllers allows a hacker to gain full access to the controller or cause a service failure.

The vulnerability of CODESYS V3 microprogramming software for WAGO controllers is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full access to the controller or cause service failures...

WAGO多款产品 安全漏洞

WAGO PFC100 and others are products of WAGO, Germany.WAGO PFC100 is a programmable logic controller PLC.WAGO CC100 0751-9x01 is a compact controller.WAGO Edge Controller 0752-8303/8000-0002 is a controller. A security vulnerability exists in a number of WAGO products. The vulnerability stems from...

The vulnerability in the web-based interface for controlling WAGO PFC100/PFC200 programmable logic controllers, Edge Controllers, and WAGO Touch Panel 600 sensor panels allows a perpetrator to gain increased privileges.

The vulnerability of the web-based interface for controlling WAGO PFC100/PFC200 programmable logic controllers, Edge Controllers, and WAGO Touch Panel 600 sensors is related to errors in privilege management during control operations. Exploiting this vulnerability can allow attackers to gain...

The vulnerability of the microprogramming software for WAGO 750-3x and WAGO 750-8x programmable logic controllers allows a intruder to cause malfunctions during maintenance operations.

The vulnerability of the microprogrammed software in WAGO 750-3x and WAGO 750-8x programmable logic controllers is related to uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause malfunctions in the system...

Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products

Three security vulnerabilities have been disclosed in operational technology OT products from Wago and Schneider Electric. The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL , which now comprises a total of 61 issues spanning 13 different vendors...

Wago Controllers OS Command Injection (CVE-2020-12522)

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 750-81xx/xxx-xxx, Series PFC 200 750-82xx/xxx-xxx, Series Wago Touch Panel 600 Standard Line 762-4xxx, Series Wago Touch Panel 600 Advanced Line...

The vulnerability of the server-side components of the web interface for controlling microprogrammed logic controllers like WAGO PFC100/PFC200, CC100, Edge Controller, as well as the microprogrammed software for sensor panels like WAGO Touch Panel 600, allows attackers to carry out cross-site scripting attacks.

The vulnerability in the server-side components of the web interface for controlling programmable logic controllers like WAGO PFC100/PFC200, CC100, Edge Controller, as well as the sensor panels such as WAGO Touch Panel 600, exists due to the lack of protective measures for the web page structure...

Wago PFC100/200 Web-Based Management Authentication Timing Information Disclosure (CVE-2019-5135)

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

CVE-2019-5159

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of...

CVE-2019-5135

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

CVE-2019-5135

WAGO PFC100/200 Web-Based Management (WBM) authentication timing information disclosure (CVE-2019-5135) is detailed in the TALOS entry. The vulnerability resides in the WBM login routine where the PHP crypt() function is used to generate a password hash for comparison, allowing an attacker to inf...

WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability

Summary An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...

WAGO e!COCKPIT file path improper input validation vulnerability

Summary An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executi...

WAGO e!COCKPIT Firmware Downgrade Vulnerability

Summary An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version...