Wago Pfc200 Firmware vulnerabilities

CVE-2023-3379 [MEDIUM] CWE-863 CVE-2023-3379: Wago web-based management of multiple products has a vulnerability which allows an local authenticat Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.

CVE-2023-4089 [LOW] CWE-610 CVE-2023-4089: On affected Wago products an remote attacker with administrative privileges can access files to whic On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

CVE-2023-1698 [CRITICAL] CWE-78 CVE-2023-1698: In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create ne In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

CVE-2022-45140 [CRITICAL] CWE-306 CVE-2022-45140: The configuration backend allows an unauthenticated user to write arbitrary data with root privilege The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

CVE-2022-45138 [CRITICAL] CWE-306 CVE-2022-45138: The configuration backend of the web-based management can be used by unauthenticated users, although The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.

CVE-2022-45137 [MEDIUM] CWE-79 CVE-2022-45137: The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scr The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.

CVE-2022-45139 [MEDIUM] CVE-2022-45139: A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misu A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of c

CVE-2022-3738 [MEDIUM] CWE-306 CVE-2022-3738: The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

CVE-2020-6090 [HIGH] CWE-345 CVE-2020-6090: An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality o An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2019-5185 [HIGH] CWE-787 CVE-2019-5185: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interfac

CVE-2019-5186 [HIGH] CWE-120 CVE-2019-5186: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interface

CVE-2019-5184 [HIGH] CWE-415 CVE-2019-5184: An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to

CVE-2019-5180 [HIGH] CWE-787 CVE-2019-5180: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any ip values that

CVE-2019-5181 [HIGH] CWE-787 CVE-2019-5181: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted p

CVE-2019-5179 [HIGH] CWE-787 CVE-2019-5179: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.

CVE-2019-5178 [HIGH] CWE-787 CVE-2019-5178: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any hostname value

CVE-2019-5171 [HIGH] CWE-78 CVE-2019-5171: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-ad

CVE-2019-5170 [HIGH] CWE-78 CVE-2019-5170: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.A

CVE-2019-5169 [HIGH] CWE-78 CVE-2019-5169: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.

CVE-2019-5176 [MEDIUM] CWE-787 CVE-2019-5176: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values