Wago: >> 750-8202/025-000 Firmware Security Vulnerabilities
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
CVSS Score
4.9
EPSS Score
0.002
Published
2023-06-26
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-06-26
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-11-09
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-11-09
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read.
CVSS Score
8.2
EPSS Score
0.008
Published
2022-11-09
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.
CVSS Score
9.1
EPSS Score
0.002
Published
2022-11-09
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-03-09