Wago

750-8202 Firmware

27 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2023-1620

  • EPSS 0.13%
  • Published 26.06.2023 07:15:09
  • Last modified 21.11.2024 07:39:33

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

4.9

CVE-2023-1619

  • EPSS 0.17%
  • Published 26.06.2023 07:15:09
  • Last modified 21.11.2024 07:39:33

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.

7.8

CVE-2020-12069

  • EPSS 0.03%
  • Published 26.12.2022 19:15:10
  • Last modified 05.05.2025 14:15:00

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to...

9.8

CVE-2021-34569

  • EPSS 0.12%
  • Published 09.11.2022 16:15:12
  • Last modified 21.11.2024 06:10:43

In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.

7.5

CVE-2021-34568

  • EPSS 0.4%
  • Published 09.11.2022 16:15:12
  • Last modified 21.11.2024 06:10:42

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.

8.2

CVE-2021-34567

  • EPSS 0.95%
  • Published 09.11.2022 16:15:11
  • Last modified 21.11.2024 06:10:42

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read.

9.1

CVE-2021-34566

  • EPSS 0.31%
  • Published 09.11.2022 16:15:10
  • Last modified 21.11.2024 06:10:42

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.

5.4

CVE-2022-22511

  • EPSS 0.07%
  • Published 09.03.2022 20:15:08
  • Last modified 21.11.2024 06:46:55

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it ha...

6.5

CVE-2021-34596

  • EPSS 0.24%
  • Published 26.10.2021 10:15:08
  • Last modified 15.08.2025 20:24:15

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

8.1

CVE-2021-34595

  • EPSS 0.47%
  • Published 26.10.2021 10:15:08
  • Last modified 15.08.2025 20:25:40

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.