Wago

750-8214 Firmware

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2023-1620

  • EPSS 0.13%
  • Veröffentlicht 26.06.2023 07:15:09
  • Zuletzt bearbeitet 21.11.2024 07:39:33

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

4.9

CVE-2023-1619

  • EPSS 0.17%
  • Veröffentlicht 26.06.2023 07:15:09
  • Zuletzt bearbeitet 21.11.2024 07:39:33

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.

7.8

CVE-2020-12069

  • EPSS 0.03%
  • Veröffentlicht 26.12.2022 19:15:10
  • Zuletzt bearbeitet 05.05.2025 14:15:00

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to...

7.5

CVE-2022-3281

  • EPSS 0.18%
  • Veröffentlicht 17.10.2022 09:15:12
  • Zuletzt bearbeitet 21.11.2024 07:19:12

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that...

6.5

CVE-2021-34596

  • EPSS 0.24%
  • Veröffentlicht 26.10.2021 10:15:08
  • Zuletzt bearbeitet 15.08.2025 20:24:15

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

8.1

CVE-2021-34595

  • EPSS 0.47%
  • Veröffentlicht 26.10.2021 10:15:08
  • Zuletzt bearbeitet 15.08.2025 20:25:40

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

5

CVE-2021-34593

Exploit
  • EPSS 1.6%
  • Veröffentlicht 26.10.2021 10:15:08
  • Zuletzt bearbeitet 15.08.2025 20:25:58

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further comm...

7.5

CVE-2021-34586

Exploit
  • EPSS 3.29%
  • Veröffentlicht 26.10.2021 10:15:07
  • Zuletzt bearbeitet 15.08.2025 20:26:04

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

5

CVE-2021-34585

Exploit
  • EPSS 0.47%
  • Veröffentlicht 26.10.2021 10:15:07
  • Zuletzt bearbeitet 15.08.2025 20:26:31

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of se...

9.1

CVE-2021-34584

Exploit
  • EPSS 0.61%
  • Veröffentlicht 26.10.2021 10:15:07
  • Zuletzt bearbeitet 15.08.2025 20:26:40

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.