Wago 762-4104 Firmware vulnerabilities

CVE-2021-34569 [CRITICAL] CWE-787 CVE-2021-34569: In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet conta In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.

CVE-2021-34566 [CRITICAL] CWE-120 CVE-2021-34566: In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a special In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.

CVE-2021-34567 [HIGH] CWE-125 CVE-2021-34567: In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a special In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read.

CVE-2021-34568 [HIGH] CWE-770 CVE-2021-34568: In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a special In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.

CVE-2022-3281 [HIGH] CWE-440 CVE-2022-3281: WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in m WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.