32 matches found
WAGO Device Sphere Security Vulnerability
WAGO Device Sphere is a device management system developed by the German company WAGO. There is a security vulnerability in WAGO Device Sphere, which stems from insufficient input validation. This vulnerability may allow for access to backend components through path traversal, potentially leading...
CVE-2022-50926 WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication...
EUVD-2016-10172
Malware in sbrugna...
WAGO Device Sphere and WAGO Solution Builder Access Control Error Vulnerability
WAGO Device Sphere, a device management system, and WAGO Solution Builder, a project configuration and engineering platform, are products of WAGO. An access control error vulnerability exists in WAGO Device Sphere and WAGO Solution Builder, which stems from a lack of...
WAGO Device Sphere and WAGO Solution Builder Access Control Error Vulnerability
WAGO Device Sphere, a device management system, and WAGO Solution Builder, a project configuration and engineering platform, are products of WAGO. An access control error vulnerability exists in WAGO Device Sphere and WAGO Solution Builder. The vulnerability arises from...
Wago CODESYS V2 Web-Server Heap-based Buffer Overflow (CVE-2021-34583)
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVE-2025-41672 WAGO: Vulnerability in WAGO Device Sphere
A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices...
CVE-2025-41672
CVE-2025-41672 affects WAGO Device Sphere. A remote unauthenticated attacker can use default certificates to generate JWT tokens, gaining full access to the tool and all connected devices. The connected documents confirm the vulnerability's existence and impact but do not provide concrete details o...
WAGO Device Sphere Security Vulnerability
WAGO Device Sphere is a device management system from WAGO Germany. A security vulnerability exists in WAGO Device Sphere, which can be exploited by a remote, unauthenticated attacker to generate a JWT token using default certificates to gain full access...
PT-2025-28136
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. Recommendations: At the moment, there is no...
CVE-2025-25264 Overly Permissive CORS Policy in WAGO Device Manager
An unauthenticated remote attacker can trick an admin into visiting a website containing malicious JavaScript code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system...
CVE-2025-25264
CVE-2025-25264 describes an unauthenticated remote attack against WAGO Device Manager, where an attacker can trick an admin into visiting a page containing malicious JavaScript. The root cause is an overly permissive CORS policy that allows access to files on the affected system, enabling potential di...
WAGO Device Manager Access Control Error Vulnerability
WAGO Device Manager is owned by WAGO Germany. An access control error vulnerability exists in WAGO Device Manager that originates from an unauthenticated, remote attacker being able to read system files...
WAGO Device Manager Security Vulnerability
WAGO Device Manager is a device manager software from WAGO. A security vulnerability exists in WAGO Device Manager that stems from the current overly lax CORS policy and could lead to the disclosure of sensitive data...
CVE-2019-5080
An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.0713 and 03.00.3912, and WAGO PFC100 Firmware version 03.00.3912. A single packet can cause a denial of service and weaken credentials resulting in the...
WAGO Security Breach
WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is designed for use in industrial environments as an electronic system for the operation of digital algorithms. A security vulnerability exists in WAGO. An attacker could use this vulnerability to access an...
WAGO Input Validation Error Vulnerability
WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is designed for use in industrial environments where digital algorithms operate electronic systems. An input validation error vulnerability exists in the WAGO PFC200 Family, which can be exploited by an...