WagoPfc200 Firmware

10 matches found

added 2020/03/11 10:27 p.m. | 71 views

CVE-2019-5160

An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthor...

CVSS 9.1 | AI score 8.6 | EPSS 0.02165

added 2023/05/15 9:15 a.m. | 71 views

CVE-2023-1698

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

CVSS 9.8 | AI score 9.4 | EPSS 0.93611

added 2020/06/11 2:15 p.m. | 63 views

CVE-2020-6090

An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger thi...

CVSS 9 | AI score 7.3 | EPSS 0.01219

added 2020/03/11 10:27 p.m. | 60 views

CVE-2019-5161

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges...

CVSS 9.1 | AI score 9.4 | EPSS 0.04926

added 2023/02/27 3:15 p.m. | 59 views

CVE-2022-45138

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.

CVSS 9.8 | AI score 6.5 | EPSS 0.00214

added 2023/02/27 3:15 p.m. | 59 views

CVE-2022-45140

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

CVSS 9.8 | AI score 10 | EPSS 0.01445

added 2018/02/13 9:29 p.m. | 55 views

CVE-2018-5459

An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker coul...

CVSS 9.8 | AI score 9.6 | EPSS 0.00955

added 2020/03/11 10:27 p.m. | 55 views

CVE-2019-5155

An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.0...

CVSS 9 | AI score 7.2 | EPSS 0.02459

added 2020/01/08 5:15 p.m. | 46 views

CVE-2019-5082

An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer...

CVSS 9.8 | AI score 9.7 | EPSS 0.01075

added 2017/02/13 9:59 p.m. | 45 views

CVE-2016-9362

An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings with...

CVSS 9.1 | AI score 8.9 | EPSS 0.00206