Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wago vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2019-12549
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.
Wago 852-303 Firmware
Wago 852-1305 Firmware
Wago 852-1505 Firmware
10
CVSSv2
CVE-2019-12550
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
Wago 852-303 Firmware
Wago 852-1305 Firmware
Wago 852-1505 Firmware
5
CVSSv2
CVE-2019-5149
The WBM web application on firmwares before 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of ...
Wago Pfc200 Firmware 03.00.39(12)
Wago Pfc200 Firmware 03.01.07(13)
Wago Pfc100 Firmware 03.00.39(12)
Wago Pfc100 Firmware 03.01.07(13)
4.3
CVSSv2
CVE-2018-16210
WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
Wago Wago 750-881 Ethernet Controller Devices Firmware 01.08.01(10)
Wago Wago 750-881 Ethernet Controller Devices Firmware 01.09.18(13)
6.4
CVSSv2
CVE-2016-9362
An issue exists in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view se...
Wago Pfc200 Firmware -
Wago 750-xxxx Series Firmware -
Wago 758-xxxx Series Firmware -
NA
CVE-2023-5188
The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart o...
Wago Telecontrol Configurator
Wago Wagoapprtu
7.5
CVSSv2
CVE-2019-5082
An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can ...
Wago Pfc200 Firmware 03.00.39(12)
Wago Pfc200 Firmware 03.01.07(13)
Wago Pfc100 Firmware 03.00.39(12)
5
CVSSv2
CVE-2019-5134
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass...
Wago Pfc200 Firmware 03.00.39(12)
Wago Pfc200 Firmware 03.01.07(13)
Wago Pfc100 Firmware 03.00.39(12)
5
CVSSv2
CVE-2019-5135
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user cr...
Wago Pfc200 Firmware 03.00.39(12)
Wago Pfc200 Firmware 03.01.07(13)
Wago Pfc100 Firmware 03.00.39(12)
9
CVSSv2
CVE-2019-5155
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(1...
Wago Pfc200 Firmware 03.00.39(12)
Wago Pfc200 Firmware 03.01.07(13)
Wago Pfc200 Firmware 03.02.02(14)
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »