EUVD-2021-21228

Malware in sbrugna...

CVE-2022-22511 WAGO PLCs WBM vulnerable to reflected XSS

Various configuration pages of the device are vulnerable to reflected XSS Cross-Site Scripting attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised...

CVE-2021-34578

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07...

Authentication flaw

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07...

CVE-2021-34578

CVE-2021-34578 affects WAGO PLCs (e.g., firmware versions up to FW07) where an authentication issue in the WBM allows an attacker with access to read and write device settings by sending specially crafted requests. The vulnerability arises from improper authentication/authorization of settings-pa...

Wago Shell

Added: 03/31/2016 Background Wago PLCs are used in Factory and building automation. Wago ethernet PLCs are connected by IP and can be administered remotely. Problem Wago PLC devices use CoDeSyS protocols to program the device. If the programming ports are left open an attacker is able to upload,...

Wago Shell

Added: 03/31/2016 Background Wago PLCs are used in Factory and building automation. Wago ethernet PLCs are connected by IP and can be administered remotely. Problem Wago PLC devices use CoDeSyS protocols to program the device. If the programming ports are left open an attacker is able to upload,...