~/products/wago/compact_controller_cc100

pipeline liveDigest Docs

Wago Compact Controller Cc100 vulnerabilities

7 known vulnerabilities affecting wago/compact_controller_cc100.

Total CVEs

7

CISA KEV

0

Public exploits

1

Exploited in wild

0

Severity breakdown

CRITICAL3HIGH1MEDIUM2LOW1

Vulnerabilities

Page 1 of 1

CVE-2023-4089LOWCVSS 2.7≥ FW19, ≤ FW262023-10-17

CVE-2023-4089 [LOW] CWE-610 CVE-2023-4089: On affected Wago products an remote attacker with administrative privileges can access files to whic On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

CVE-2023-1698CRITICALCVSS 9.8PoC≥ FW20, ≤ FW22vFW232023-05-15

CVE-2023-1698 [CRITICAL] CWE-78 CVE-2023-1698: In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create ne In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

CVE-2022-45140CRITICALCVSS 9.8≥ FW16, < FW22vFW232023-02-27

CVE-2022-45140 [CRITICAL] CWE-306 CVE-2022-45140: The configuration backend allows an unauthenticated user to write arbitrary data with root privilege The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

CVE-2022-45138CRITICALCVSS 9.8≥ FW16, < FW22vFW232023-02-27

CVE-2022-45138 [CRITICAL] CWE-306 CVE-2022-45138: The configuration backend of the web-based management can be used by unauthenticated users, although The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.

CVE-2022-45137MEDIUMCVSS 6.1≥ FW16, < FW22vFW232023-02-27

CVE-2022-45137 [MEDIUM] CWE-79 CVE-2022-45137: The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scr The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.

CVE-2022-3281HIGHCVSS 7.5≥ 03.07.17(19), ≤ 03.09.08(21)2022-10-17

CVE-2022-3281 [HIGH] CWE-440 CVE-2022-3281: WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in m WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.

CVE-2022-22511MEDIUMCVSS 5.4≥ FW16, < FW222022-03-09

CVE-2022-22511 [MEDIUM] CWE-79 CVE-2022-22511: Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) att Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.