Wago 750-8202 025-001 Firmware vulnerabilities
7 known vulnerabilities affecting wago/750-8202_025-001_firmware.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 2, HIGH: 2, MEDIUM: 3
Vulnerabilities
CVE-2023-1619 | MEDIUM | CVSS 4.9 | CWE-1288 | fixed in fw22 | 2023-06-26
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
Source: NVD
CVE-2023-1620 | MEDIUM | CVSS 4.9 | CWE-1288 | fixed in fw22 | 2023-06-26
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
Source: NVD
CVE-2021-34569 | CRITICAL | CVSS 9.8 | CWE-787 | fixed in 18 | 2022-11-09
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.
Source: NVD
CVE-2021-34566 | CRITICAL | CVSS 9.1 | CWE-120 | fixed in 18 | 2022-11-09
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.
Source: NVD
CVE-2021-34567 | HIGH | CVSS 8.2 | CWE-125 | fixed in 18 | 2022-11-09
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and a limited out-of-bounds read.
Source: NVD
CVE-2021-34568 | HIGH | CVSS 7.5 | CWE-770 | fixed in 18 | 2022-11-09
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.
Source: NVD
CVE-2022-22511 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ fw16, < fw22 | 2022-03-09
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
Source: NVD