Wago 750-880 Firmware vulnerabilities

26 known vulnerabilities affecting wago/750-880_firmware.

Total CVEs
26
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL9HIGH10MEDIUM7

Vulnerabilities

Page 2 of 2
CVE-2021-21001MEDIUMCVSS 6.5fixed in fw162021-05-24
CVE-2021-21001 [CRITICAL] CWE-22 CVE-2021-21001: On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised att On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
nvd
CVE-2020-12516HIGHCVSS 7.5≥ fw1, ≤ fw102020-12-10
CVE-2020-12516 [HIGH] CWE-400 CVE-2020-12516: Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable f Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
nvd
CVE-2020-12505CRITICALCVSS 9.1≤ fw072020-09-30
CVE-2020-12505 [HIGH] CWE-306 CVE-2020-12505: Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attac Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.
nvd
CVE-2019-10712CRITICALCVSS 9.8fixed in 142019-05-07
CVE-2019-10712 [CRITICAL] CWE-798 CVE-2019-10712: The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 7 The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.
nvd
CVE-2018-16210MEDIUMCVSS 6.1fixed in 142018-10-12
CVE-2018-16210 [MEDIUM] CWE-79 CVE-2018-16210: WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XS WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
nvd
CVE-2018-8836MEDIUMCVSS 5.3≤ 102018-04-03
CVE-2018-8836 [MEDIUM] CWE-404 CVE-2018-8836: Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage o Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may re
nvd
← Previous2 / 2