Shodan
Vulnerabilities
Vulnerable Software
Wago:  Security Vulnerabilities
CVE-2022-22511
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-03-09
CVE-2021-34578
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-08-31
CVE-2021-34581
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.
CVSS Score
7.5
EPSS Score
0.016
Published
2021-08-31
CVE-2021-21000
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-05-24
CVE-2021-21001
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-05-24
CVE-2021-20995
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-05-13
CVE-2021-20996
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-05-13
CVE-2021-20997
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-05-13
CVE-2021-20998
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
CVSS Score
10.0
EPSS Score
0.001
Published
2021-05-13
CVE-2021-20993
In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-05-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved