Wago 750-8202 Firmware vulnerabilities

CVE-2021-30193 [CRITICAL] CWE-787 CVE-2021-30193: CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

CVE-2021-30191 [HIGH] CWE-120 CVE-2021-30191: CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

CVE-2021-30186 [HIGH] CWE-787 CVE-2021-30186: CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

CVE-2021-30195 [HIGH] CWE-125 CVE-2021-30195: CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

CVE-2021-30187 [MEDIUM] CWE-78 CVE-2021-30187: CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

CVE-2021-21000 [MEDIUM] CWE-770 CVE-2021-21000: On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

CVE-2021-21001 [CRITICAL] CWE-22 CVE-2021-21001: On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised att On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.