Search
Search Results (18 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-50926 | 1 Wago | 2 750-8212, Pfc200 | 2026-04-15 | 9.8 Critical |
| WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication. | ||||
| CVE-2021-30187 | 2 Codesys, Wago | 55 Runtime Toolkit, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 5.3 Medium |
| CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. | ||||
| CVE-2021-30195 | 2 Codesys, Wago | 56 Plcwinnt, Runtime Toolkit, 750-8202 and 53 more | 2025-08-15 | 7.5 High |
| CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. | ||||
| CVE-2021-34583 | 2 Codesys, Wago | 55 Codesys, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 High |
| Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | ||||
| CVE-2021-34584 | 2 Codesys, Wago | 55 Codesys, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 9.1 Critical |
| Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | ||||
| CVE-2021-34585 | 2 Codesys, Wago | 55 Codesys, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 High |
| In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation. | ||||
| CVE-2021-34586 | 2 Codesys, Wago | 55 Codesys, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 High |
| In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | ||||
| CVE-2021-34593 | 2 Codesys, Wago | 28 Plcwinnt, Runtime Toolkit, 750-8202 and 25 more | 2025-08-15 | 7.5 High |
| In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC. | ||||
| CVE-2021-34595 | 2 Codesys, Wago | 57 Codesys, Plcwinnt, Runtime Toolkit and 54 more | 2025-08-15 | 8.1 High |
| A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | ||||
| CVE-2021-34596 | 2 Codesys, Wago | 57 Codesys, Plcwinnt, Runtime Toolkit and 54 more | 2025-08-15 | 6.5 Medium |
| A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | ||||
| CVE-2021-21000 | 1 Wago | 54 750-8202, 750-8202 Firmware, 750-8203 and 51 more | 2025-08-15 | 5.3 Medium |
| On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. | ||||
| CVE-2021-21001 | 1 Wago | 54 750-8202, 750-8202 Firmware, 750-8203 and 51 more | 2025-08-15 | 9.1 Critical |
| On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. | ||||
| CVE-2021-30186 | 2 Codesys, Wago | 56 Plcwinnt, Runtime Toolkit, 750-8202 and 53 more | 2025-08-15 | 7.5 High |
| CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. | ||||
| CVE-2022-3281 | 1 Wago | 156 750-8100, 750-8100 Firmware, 750-8101 and 153 more | 2025-05-10 | 7.5 High |
| WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter. | ||||
| CVE-2020-12069 | 4 Codesys, Festo, Pilz and 1 more | 114 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 111 more | 2025-05-05 | 7.8 High |
| In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. | ||||
| CVE-2023-1620 | 1 Wago | 152 750-331, 750-331 Firmware, 750-8202 and 149 more | 2024-11-21 | 4.9 Medium |
| Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. | ||||
| CVE-2023-1619 | 1 Wago | 152 750-331, 750-331 Firmware, 750-8202 and 149 more | 2024-11-21 | 4.9 Medium |
| Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. | ||||
| CVE-2020-12522 | 1 Wago | 42 750-8101\/025-000, 750-8102\/025-000, 750-8202\/000-012 and 39 more | 2024-11-21 | 10 Critical |
| The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10. | ||||
Page 1 of 1.