CVE-2023-3379

< 22

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the pas

5.3MEDIUM

CVE-2023-4089

>= 16 and <= 26

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to thr

2.7LOW

CVE-2023-1698

>= 20 and <= 23

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device

9.8CRITICAL

CVE-2022-45140

>= 16 and < 22

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could

9.8CRITICAL

CVE-2022-45139

>= 16 and < 22

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages

5.3MEDIUM

CVE-2022-45138

>= 16 and < 22

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users shou

9.8CRITICAL

CVE-2022-45137

>= 16 and < 22

The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets t

6.1MEDIUM

CVE-2022-3738

>= 16 and <= 22

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contai

5.9MEDIUM

CVE-2020-12522

<= 10

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets

10.0CRITICAL

CVE-2019-5149

all versions

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lightt

7.5HIGH

CVE-2019-5135

all versions

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web a

5.3MEDIUM

CVE-2019-5134

all versions

An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functional

7.5HIGH

CVE-2019-5082

all versions

An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware v

9.8CRITICAL

CVE-2019-5080

all versions

An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware v

9.1CRITICAL

CVE-2019-5079

all versions

An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware

9.8CRITICAL

CVE-2019-5078

all versions

An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware ve

9.1CRITICAL

CVE-2019-5075

all versions

An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware ve

9.8CRITICAL

CVE-2019-5073

all versions

An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware

5.3MEDIUM

CVE-2019-5081

all versions

An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmwa

9.8CRITICAL

CVE-2019-5077

all versions

An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 F

9.1CRITICAL

CVE-2019-5074

all versions

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmw

9.8CRITICAL

CVE-2019-10953

all versions

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have foun

7.5HIGH