CVE-2020-12516

Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.

CVE-2021-34585

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

CVE-2021-30195

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

CVE-2021-34581

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

CVE-2021-30191

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

CVE-2021-21000

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

CVE-2021-30186

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

CVE-2021-34583

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

CVE-2021-34586

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.