Wago 750-362 Firmware vulnerabilities

CVE-2023-1150 [HIGH] CWE-772 CVE-2023-1150: Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated re Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.

CVE-2021-34578 [CRITICAL] CWE-287 CVE-2021-34578: This vulnerability allows an attacker who has access to the WBM to read and write settings-parameter This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.

CVE-2020-12506 [CRITICAL] CWE-306 CVE-2020-12506: Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attac Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in ver

CVE-2018-16210 [MEDIUM] CWE-79 CVE-2018-16210: WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XS WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.