Wago 750-891 Firmware vulnerabilities

CVE-2021-21000 [MEDIUM] CWE-770 CVE-2021-21000: On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

CVE-2021-21001 [CRITICAL] CWE-22 CVE-2021-21001: On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised att On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

CVE-2020-12506 [CRITICAL] CWE-306 CVE-2020-12506: Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attac Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in ver

CVE-2018-16210 [MEDIUM] CWE-79 CVE-2018-16210: WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XS WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.