987 matches found
EUVD-2026-43297
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...
CVE-2026-4769
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...
CVE-2026-4769 Unauthenticated Access to Internal Diagnostic Interface
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...
WAGO - Remote Command Execution
In multiple products of WAGO, a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behavior, Denial of Service, and full system compromise. id: CVE-2023-1698 info: name: WAGO - Remote Command Execution...
CVE-2024-1490
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on t...
EUVD-2023-58146
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2023-5872
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2023-5872
Wago Smart Designer (versions up to 2.33.1) is vulnerable to an information disclosure vulnerability where a low-privileged remote attacker can enumerate projects and usernames by issuing iterative requests to a specific endpoint. This is documented in CVE-2023-5872 with a CVSS v3.1 base score of...
CVE-2023-5872 Wago: Vulnerability in Smart Designer Web-Application
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2023-5872 Wago: Vulnerability in Smart Designer Web-Application
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2023-5872
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
WAGO Smart Designer 安全漏洞
WAGO Smart Designer is a engineering design software developed by the German company WAGO. Versions of WAGO Smart Designer 2.33.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the ability of certain endpoints to allow iterative requests, which may lead to the...
PT-2026-33255
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2024-1490
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on t...
CVE-2024-1490 Wago: Vulnerability in WBM through Open VPN
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on t...
CVE-2024-1490
CVE-2024-1490 affects WAGO PLCs via the web-based management interface (WBM) OpenVPN configuration. An authenticated remote attacker with high privileges can exploit the WBM to cause OpenVPN to execute arbitrary shell commands if user-defined scripts are allowed, enabling remote command execution...
CVE-2024-1490 Wago: Vulnerability in WBM through Open VPN
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on t...
CVE-2024-1490
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on t...
WAGO PLC 代码注入漏洞
WAGO PLC is a programmable logic controller developed by the German company WAGO. WAGO PLC has a code injection vulnerability, which stems from improper OpenVPN configuration. This vulnerability may lead to the execution of arbitrary commands...
PT-2026-31605
Name of the Vulnerable Software and Affected Versions WAGO PLC versions affected versions not specified Description An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are...