Lucene search
+L

102 matches found

Positive Technologies
Positive Technologies
added 2023/01/19 12:0 a.m.7 views

PT-2023-13534 · Wago · Wago Series Pfc100 +13

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue allows a remote unauthenticated attacker to download a backup file, if one exists. This backup file might contain sensitive information like credentials and cryptographic materia...

5.9CVSS5.6AI score0.00625EPSS
Exploits0References4
NVD
NVD
added 2022/10/17 9:15 a.m.18 views

CVE-2022-3281

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter...

7.5CVSS0.00656EPSS
Exploits0References1
Prion
Prion
added 2022/10/17 9:15 a.m.26 views

Code injection

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter...

5CVSS7.4AI score0.00656EPSS
Exploits0References1Affected Software78
CVE
CVE
added 2022/10/17 8:20 a.m.74 views

CVE-2022-3281

CVE-2022-3281 affects WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller. The issue is a loss of MAC-address filtering after reboot, which can allow remote attackers to bypass the network access control intended by MAC filtering. Documents consistently...

7.5CVSS7.5AI score0.00656EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/17 12:0 a.m.9 views

PT-2022-6077 · Wago · Compact Controller Cc100 +3

Name of the Vulnerable Software and Affected Versions: WAGO PFC100/PFC200 versions affected versions not specified WAGO Touch Panel 600 versions affected versions not specified WAGO Compact Controller CC100 versions affected versions not specified WAGO Edge Controller versions affected versions n...

7.8CVSS7.5AI score0.00656EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/12/17 10:40 p.m.25 views

CVE-2020-12522 Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 750-81xx/xxx-xxx, Series PFC 200 750-82xx/xxx-xxx, Series Wago Touch Panel 600 Standard Line 762-4xxx, Series Wago Touch Panel 600 Advanced Line...

10CVSS9.4AI score0.02927EPSS
Exploits0References1
CNVD
CNVD
added 2020/03/12 12:0 a.m.4 views

WAGO PFC100 and PFC200 Information Disclosure Vulnerability

The WAGO PFC 200 and WAGO PFC 100 are both programmable logic controllers PLCs from WAGO Germany. A security vulnerability exists in the Web-Based Management authentication feature in the WAGO PFC200 versions 03.00.3912 and 03.01.0713 and the WAGO PFC100 version 03.00.3912. The vulnerability can ...

7.5CVSS7AI score0.02199EPSS
Exploits1References1
CNVD
CNVD
added 2020/03/12 12:0 a.m.7 views

WAGO PFC100 Resource Management Error Vulnerability

The WAGO PFC100 is a programmable logic controller PLC from WAGO Germany. A source management error vulnerability exists in the WAGO PFC100 funding, which can be exploited by an attacker to cause a denial of service...

7.5CVSS6.8AI score0.01759EPSS
Exploits1References1
NVD
NVD
added 2020/03/11 10:27 p.m.24 views

CVE-2019-5134

An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC200 versions 03.00.3912 and 03.01.0713, and WAGO PFC100 version 03.00.3912. A specially crafted authentication request can bypass regular expression...

7.5CVSS7.5AI score0.02199EPSS
Exploits1References1
NVD
NVD
added 2020/03/11 10:27 p.m.31 views

CVE-2019-5149

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...

7.5CVSS7.4AI score0.01759EPSS
Exploits1References1
OSV
OSV
added 2020/03/11 10:27 p.m.7 views

CVE-2019-5149

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...

7.5CVSS7.1AI score0.01759EPSS
Exploits1References1
NVD
NVD
added 2020/03/11 10:27 p.m.34 views

CVE-2019-5135

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

5.3CVSS5.3AI score0.01022EPSS
Exploits1References1
Prion
Prion
added 2020/03/11 10:27 p.m.24 views

Design/Logic Flaw

An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC200 versions 03.00.3912 and 03.01.0713, and WAGO PFC100 version 03.00.3912. A specially crafted authentication request can bypass regular expression...

5CVSS7.5AI score0.02199EPSS
Exploits1References1Affected Software2
Prion
Prion
added 2020/03/11 10:27 p.m.21 views

Authentication flaw

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

5CVSS6AI score0.01022EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2020/03/10 11:41 p.m.23 views

CVE-2019-5134

An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC200 versions 03.00.3912 and 03.01.0713, and WAGO PFC100 version 03.00.3912. A specially crafted authentication request can bypass regular expression...

7.5AI score0.02199EPSS
Exploits1References1
CVE
CVE
added 2020/03/10 11:41 p.m.94 views

CVE-2019-5134

The CVE-2019-5134 issue affects WAGO PFC100/PFC200 Web-Based Management, where an exploitable regular-expression without anchors in the PasswordCorrect() path allows bypass of authentication filters. A crafted request can trigger a timing/disclosure vulnerability that may reveal or help reveal pa...

7.5CVSS7.4AI score0.02199EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/03/10 9:59 p.m.38 views

CVE-2019-5135

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

6AI score0.01022EPSS
Exploits1References1
CVE
CVE
added 2020/03/10 9:59 p.m.98 views

CVE-2019-5149

The CVE-2019-5149 issue affects WAGO PFC100 and PFC2000 devices running WBM over a lighttpd server with FastCGI. The default mod_fastcgi configuration limits concurrent php-cgi processes to two (min-procs 1, max-procs 2), enabling an attacker to exhaust resources and cause a denial of service of ...

7.5CVSS7.3AI score0.01759EPSS
Exploits1References1Affected Software1
Talos
Talos
added 2020/03/09 12:0 a.m.114 views

WAGO PFC100/200 Web-Based Management (WBM) FastCGI configuration insufficient resource pool denial of service

Summary The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to “provide high performance for all Internet applications without the penalties of Web...

7.5CVSS7.8AI score0.01759EPSS
Exploits1
Talos
Talos
added 2020/03/09 12:0 a.m.110 views

WAGO PFC100/200 Web-Based Management (WBM) Authentication Regex Information Disclosure Vulnerability

Summary An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC100/200 controllers. A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information...

7.5CVSS7.9AI score0.02199EPSS
Exploits1
Rows per page
Query Builder