Shodan
Vulnerabilities
Vulnerable Software
Wago:  >> 750-8202  Security Vulnerabilities
CVE-2021-30192
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-05-25
CVE-2021-30193
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-05-25
CVE-2021-30194
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
CVSS Score
9.1
EPSS Score
0.005
Published
2021-05-25
CVE-2021-30195
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-05-25
CVE-2021-30187
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-05-25
CVE-2021-21000
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-05-24
CVE-2021-21001
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
CVSS Score
9.1
EPSS Score
0.002
Published
2021-05-24
CVE-2018-5459
An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455.
CVSS Score
9.8
EPSS Score
0.009
Published
2018-02-13
CVE-2016-9362
An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating.
CVSS Score
9.1
EPSS Score
0.002
Published
2017-02-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved