CVE-2025-0101 WAGO: Year 2038 problem

A low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes some functions to work unexpected or stop working at all. Both during runtime and after a restart...

CVE-2018-25108

CVE-2018-25108 affects WAGO 750-8xx programmable logic controllers. An unauthenticated remote attacker can cause a DoS by triggering uncontrolled resource consumption in the controller, leading to unavailability. The threat context is network-based (no user interaction) with no privileges require...

CVE-2023-1698 WAGO: WBM Command Injection in multiple products

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise...

CVE-2022-3738 WAGO: Missing authentication for config export functionality in multiple products

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull...

WAGO 缓冲区错误漏洞

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is a digital algorithmic operating electronics system designed specifically for applications in industrial environments. A buffer error vulnerability exists in the WAGO I/O-Check Service, which originates from a...

WAGO Cross-Site Scripting Vulnerability

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is designed specifically for applications in industrial environments where digital algorithms operate electronic systems. A cross-site scripting vulnerability exists in WAGO. The vulnerability stems from a lack ...