Lucene search

K
Wago750-8202 Firmware

27 matches found

CVE
CVE
added 2022/03/09 8:15 p.m.83 views

CVE-2022-22511

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

5.4CVSS5.4AI score0.00071EPSS
CVE
CVE
added 2022/11/09 4:15 p.m.71 views

CVE-2021-34566

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.

9.1CVSS9.4AI score0.00264EPSS
CVE
CVE
added 2021/10/26 10:15 a.m.64 views

CVE-2021-34593

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing t...

7.5CVSS7.5AI score0.01595EPSS
CVE
CVE
added 2022/11/09 4:15 p.m.61 views

CVE-2021-34568

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.

7.5CVSS7.6AI score0.00341EPSS
CVE
CVE
added 2021/05/25 1:15 p.m.57 views

CVE-2021-30190

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

9.8CVSS9.4AI score0.00428EPSS
CVE
CVE
added 2022/11/09 4:15 p.m.57 views

CVE-2021-34567

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read.

8.2CVSS8.2AI score0.0105EPSS
CVE
CVE
added 2022/11/09 4:15 p.m.53 views

CVE-2021-34569

In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.

9.8CVSS9.6AI score0.00084EPSS
CVE
CVE
added 2022/12/26 7:15 p.m.52 views

CVE-2020-12069

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

7.8CVSS7.8AI score0.00029EPSS
CVE
CVE
added 2021/10/26 10:15 a.m.51 views

CVE-2021-34585

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

7.5CVSS7.4AI score0.00468EPSS
CVE
CVE
added 2021/05/25 1:15 p.m.46 views

CVE-2021-30192

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.

9.8CVSS9.4AI score0.00528EPSS
CVE
CVE
added 2021/10/26 10:15 a.m.46 views

CVE-2021-34584

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

9.1CVSS9AI score0.00607EPSS
CVE
CVE
added 2021/05/25 1:15 p.m.44 views

CVE-2021-30195

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

7.5CVSS8AI score0.00419EPSS
CVE
CVE
added 2023/06/26 7:15 a.m.44 views

CVE-2023-1619

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.

4.9CVSS5.1AI score0.00172EPSS
CVE
CVE
added 2021/05/24 11:15 a.m.43 views

CVE-2021-21001

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

9.1CVSS7AI score0.00238EPSS
CVE
CVE
added 2021/05/25 1:15 p.m.42 views

CVE-2021-30191

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

7.5CVSS8AI score0.00408EPSS
CVE
CVE
added 2021/05/24 11:15 a.m.41 views

CVE-2021-21000

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

7.5CVSS6.2AI score0.0013EPSS
CVE
CVE
added 2021/05/25 1:15 p.m.41 views

CVE-2021-30189

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.

9.8CVSS9.4AI score0.0057EPSS
CVE
CVE
added 2021/05/25 1:15 p.m.40 views

CVE-2021-30193

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

9.8CVSS9.4AI score0.00528EPSS
CVE
CVE
added 2021/10/26 10:15 a.m.40 views

CVE-2021-34595

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

8.1CVSS7.9AI score0.00473EPSS
CVE
CVE
added 2021/05/25 1:15 p.m.39 views

CVE-2021-30186

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

7.5CVSS8AI score0.00453EPSS
CVE
CVE
added 2021/05/25 1:15 p.m.39 views

CVE-2021-30188

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.

9.8CVSS9.4AI score0.0057EPSS
CVE
CVE
added 2021/05/25 1:15 p.m.38 views

CVE-2021-30194

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.

9.1CVSS9.3AI score0.00528EPSS
CVE
CVE
added 2021/10/26 10:15 a.m.38 views

CVE-2021-34596

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

6.5CVSS6.2AI score0.00236EPSS
CVE
CVE
added 2023/06/26 7:15 a.m.38 views

CVE-2023-1620

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

4.9CVSS5.1AI score0.00126EPSS
CVE
CVE
added 2021/10/26 10:15 a.m.37 views

CVE-2021-34583

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

7.5CVSS7.7AI score0.03822EPSS
CVE
CVE
added 2021/05/25 12:15 p.m.36 views

CVE-2021-30187

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

5.3CVSS6.3AI score0.00117EPSS
CVE
CVE
added 2021/10/26 10:15 a.m.36 views

CVE-2021-34586

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

7.5CVSS7.5AI score0.03292EPSS