102 matches found
PT-2023-13534 · Wago · Wago Series Pfc100 +13
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue allows a remote unauthenticated attacker to download a backup file, if one exists. This backup file might contain sensitive information like credentials and cryptographic materia...
CVE-2022-3281
WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter...
Code injection
WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter...
CVE-2022-3281
CVE-2022-3281 affects WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller. The issue is a loss of MAC-address filtering after reboot, which can allow remote attackers to bypass the network access control intended by MAC filtering. Documents consistently...
PT-2022-6077 · Wago · Compact Controller Cc100 +3
Name of the Vulnerable Software and Affected Versions: WAGO PFC100/PFC200 versions affected versions not specified WAGO Touch Panel 600 versions affected versions not specified WAGO Compact Controller CC100 versions affected versions not specified WAGO Edge Controller versions affected versions n...
CVE-2020-12522 Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 750-81xx/xxx-xxx, Series PFC 200 750-82xx/xxx-xxx, Series Wago Touch Panel 600 Standard Line 762-4xxx, Series Wago Touch Panel 600 Advanced Line...
WAGO PFC100 and PFC200 Information Disclosure Vulnerability
The WAGO PFC 200 and WAGO PFC 100 are both programmable logic controllers PLCs from WAGO Germany. A security vulnerability exists in the Web-Based Management authentication feature in the WAGO PFC200 versions 03.00.3912 and 03.01.0713 and the WAGO PFC100 version 03.00.3912. The vulnerability can ...
WAGO PFC100 Resource Management Error Vulnerability
The WAGO PFC100 is a programmable logic controller PLC from WAGO Germany. A source management error vulnerability exists in the WAGO PFC100 funding, which can be exploited by an attacker to cause a denial of service...
CVE-2019-5134
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC200 versions 03.00.3912 and 03.01.0713, and WAGO PFC100 version 03.00.3912. A specially crafted authentication request can bypass regular expression...
CVE-2019-5149
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...
CVE-2019-5149
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...
CVE-2019-5135
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...
Design/Logic Flaw
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC200 versions 03.00.3912 and 03.01.0713, and WAGO PFC100 version 03.00.3912. A specially crafted authentication request can bypass regular expression...
Authentication flaw
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...
CVE-2019-5134
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC200 versions 03.00.3912 and 03.01.0713, and WAGO PFC100 version 03.00.3912. A specially crafted authentication request can bypass regular expression...
CVE-2019-5134
The CVE-2019-5134 issue affects WAGO PFC100/PFC200 Web-Based Management, where an exploitable regular-expression without anchors in the PasswordCorrect() path allows bypass of authentication filters. A crafted request can trigger a timing/disclosure vulnerability that may reveal or help reveal pa...
CVE-2019-5135
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...
CVE-2019-5149
The CVE-2019-5149 issue affects WAGO PFC100 and PFC2000 devices running WBM over a lighttpd server with FastCGI. The default mod_fastcgi configuration limits concurrent php-cgi processes to two (min-procs 1, max-procs 2), enabling an attacker to exhaust resources and cause a denial of service of ...
WAGO PFC100/200 Web-Based Management (WBM) FastCGI configuration insufficient resource pool denial of service
Summary The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to “provide high performance for all Internet applications without the penalties of Web...
WAGO PFC100/200 Web-Based Management (WBM) Authentication Regex Information Disclosure Vulnerability
Summary An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC100/200 controllers. A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information...