Wago 750-8207

24 CVEs affecting Wago 750-8207. Latest disclosed: 2023-06-26. Critical: 9, High: 10.

Top CVEs affecting Wago 750-8207
CVESeverityScorePublishedSummary
CVE-2021-30193Critical9.82021-05-25CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
CVE-2021-30192Critical9.82021-05-25CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
CVE-2021-30190Critical9.82021-05-25CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
CVE-2021-30189Critical9.82021-05-25CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
CVE-2021-30188Critical9.82021-05-25CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
CVE-2018-5459Critical9.82018-02-13An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenti…
CVE-2021-34584Critical9.12021-10-26Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2…
CVE-2021-30194Critical9.12021-05-25CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
CVE-2021-21001Critical9.12021-05-24On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file…
CVE-2021-34595High8.12021-10-26A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions…
CVE-2020-12069High7.82022-12-26In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords…
CVE-2022-3281High7.52022-10-17WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filteri…
CVE-2021-34593High7.52021-10-26In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-ser…
CVE-2021-34586High7.52021-10-26In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a…
CVE-2021-34585High7.52021-10-26In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all condit…
CVE-2021-34583High7.52021-10-26Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2…
CVE-2021-30195High7.52021-05-25CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
CVE-2021-30191High7.52021-05-25CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.
CVE-2021-30186High7.52021-05-25CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
CVE-2021-34596Medium6.52021-10-26A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resul…