34 matches found

CNNVD
added 2026/03/30 12:0 a.m. | 7 views

WAGO Device Sphere Security Vulnerability

WAGO Device Sphere is a device management system developed by the German company WAGO. There is a security vulnerability in WAGO Device Sphere, which stems from insufficient input validation. This vulnerability may allow for access to backend components through path traversal, potentially leading...

CVSS 7.5 | AI score 5.8 | EPSS 0.00309
Exploits: 0 | References: 2
Cvelist
added 2026/01/13 10:51 p.m. | 27 views

CVE-2022-50926 WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation

WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication...

CVSS 9.8 | EPSS 0.00476
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/13 10:51 p.m. | 4 views

CVE-2022-50926 WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation

WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication...

CVSS 9.8 | AI score 6.7 | EPSS 0.00476
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-10172

Malware in sbrugna...

CVSS 9.1 | AI score 9.3 | EPSS 0.02125
Exploits: 0 | References: 3
CNNVD
added 2025/09/24 12:0 a.m. | 3 views

WAGO Device Sphere and WAGO Solution Builder Access Control Error Vulnerability

WAGO Device Sphere is a device management system and WAGO Solution Builder is a project configuration and engineering platform, both from WAGO. An access control error vulnerability exists in WAGO Device Sphere and WAGO Solution Builder. The vulnerability arises from...

CVSS 9.8 | AI score 6.8 | EPSS 0.00463
Exploits: 0 | References: 2
CNNVD
added 2025/09/24 12:0 a.m. | 2 views

WAGO Device Sphere and WAGO Solution Builder Access Control Error Vulnerability

WAGO Device Sphere is a device management system and WAGO Solution Builder is a project configuration and engineering platform, both from WAGO. An access control error vulnerability exists in WAGO Device Sphere and WAGO Solution Builder, which stems from a lack of...

CVSS 5.3 | AI score 7.1 | EPSS 0.00361
Exploits: 0 | References: 2
Tenable Nessus
added 2025/09/09 12:0 a.m. | 4 views

Wago CODESYS V2 Web-Server Heap-based Buffer Overflow (CVE-2021-34583)

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 7.5 | AI score 7.7 | EPSS 0.08407
Exploits: 1 | References: 3
CVE
added 2025/07/07 6:17 a.m. | 48 views

CVE-2025-41672

CVE-2025-41672 affects WAGO Device Sphere. A remote unauthenticated attacker can use default certificates to generate JWT tokens, gaining full access to the tool and all connected devices. The connected documents confirm the vulnerability's existence and impact but do not provide concrete details o...

CVSS 10 | AI score 7 | EPSS 0.00346
Exploits: 0 | References: 2
Vulnrichment
added 2025/07/07 6:17 a.m. | 7 views

CVE-2025-41672 WAGO: Vulnerability in WAGO Device Sphere

A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices...

CVSS 10 | AI score 6.8 | EPSS 0.00346
Exploits: 0 | References: 2
Cvelist
added 2025/07/07 6:17 a.m. | 31 views

CVE-2025-41672 WAGO: Vulnerability in WAGO Device Sphere

A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices...

CVSS 10 | EPSS 0.00346
Exploits: 0 | References: 2
CNNVD
added 2025/07/07 12:0 a.m. | 3 views

WAGO Device Sphere Security Vulnerability

WAGO Device Sphere is a device management system from WAGO Germany. A security vulnerability exists in WAGO Device Sphere, which can be exploited by a remote, unauthenticated attacker to generate a JWT token using default certificates to gain full access...

CVSS 10 | AI score 7 | EPSS 0.00346
Exploits: 0 | References: 3
Positive Technologies
added 2025/07/07 12:0 a.m. | 7 views

PT-2025-28136

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. Recommendations: At the moment, there is no...

CVSS 10 | AI score 5.8 | EPSS 0.00346
Exploits: 0 | References: 18
BDU FSTEC
added 2025/06/19 12:0 a.m. | 5 views

The vulnerability of the WAGO Device Manager software in terms of controller configuration and parameter setting lies in the lack of authentication for critical functions. This allows attackers to gain unauthorized access to the file system.

The vulnerability of the WAGO Device Manager software for configuring and parameterizing controllers is related to the lack of authentication for critical functions. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the file system by sending...

CVSS 7.8 | AI score 5.5 | EPSS 0.00402
Exploits: 0 | References: 2
BDU FSTEC
added 2025/06/18 12:0 a.m. | 6 views

The vulnerability of the WAGO Device Manager software in terms of configuration and parameter setting allows a malicious individual to gain unauthorized access to the file system. This vulnerability is related to errors in configuring CORS policies.

The vulnerability of the WAGO Device Manager software for configuring and parameterizing controllers is related to errors in configuring CORS policies. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to the file system by sending specially crafted requests...

CVSS 9 | AI score 5.4 | EPSS 0.00386
Exploits: 0 | References: 2
Cvelist
added 2025/06/16 9:45 a.m. | 20 views

CVE-2025-25264 Overly Permissive CORS Policy in WAGO Device Manager

An unauthenticated remote attacker can trick an admin into visiting a website containing malicious JavaScript code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system...

CVSS 6.5 | EPSS 0.00386
Exploits: 0 | References: 1
Vulnrichment
added 2025/06/16 9:45 a.m. | 4 views

CVE-2025-25264 Overly Permissive CORS Policy in WAGO Device Manager

An unauthenticated remote attacker can trick an admin into visiting a website containing malicious JavaScript code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system...

CVSS 6.5 | AI score 6.5 | EPSS 0.00386
Exploits: 0 | References: 1
CVE
added 2025/06/16 9:45 a.m. | 43 views

CVE-2025-25264

CVE-2025-25264 describes an unauthenticated remote attack against WAGO Device Manager, where an attacker can trick an admin into visiting a page containing malicious JavaScript. The root cause is an overly permissive CORS policy that allows access to files on the affected system, enabling potential di...

CVSS 6.5 | AI score 6.5 | EPSS 0.00386
Exploits: 0 | References: 1
CNNVD
added 2025/06/16 12:0 a.m. | 4 views

WAGO Device Manager Security Vulnerability

WAGO Device Manager is a device manager software from WAGO. A security vulnerability exists in WAGO Device Manager that stems from the current overly lax CORS policy and could lead to the disclosure of sensitive data...

CVSS 6.5 | AI score 6.4 | EPSS 0.00386
Exploits: 0 | References: 3
CNNVD
added 2025/06/16 12:0 a.m. | 1 views

WAGO Device Manager Access Control Error Vulnerability

WAGO Device Manager is owned by WAGO Germany. An access control error vulnerability exists in WAGO Device Manager that originates from an unauthenticated, remote attacker being able to read system files...

CVSS 4.9 | AI score 6.7 | EPSS 0.00402
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 6:59 a.m. | 11 views

CVE-2019-5080

An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.0713 and 03.00.3912, and WAGO PFC100 Firmware version 03.00.3912. A single packet can cause a denial of service and weaken credentials resulting in the...

CVSS 9.1 | AI score 6.8 | EPSS 0.016
Exploits: 0 | References: 1