Wago: Security Vulnerabilities
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-08-31
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.
CVSS Score
7.5
EPSS Score
0.017
Published
2021-08-31
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-05-25
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-05-25
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-05-25
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-05-25
CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-05-25
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-05-25
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-05-25
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
CVSS Score
9.1
EPSS Score
0.005
Published
2021-05-25