Wago 750-8207_firmware
23 CVEs affecting Wago 750-8207_firmware. Latest disclosed: 2023-06-26. Critical: 8, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-30193 | Critical | 9.8 | 2021-05-25 | CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. |
| CVE-2021-30192 | Critical | 9.8 | 2021-05-25 | CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. |
| CVE-2021-30190 | Critical | 9.8 | 2021-05-25 | CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. |
| CVE-2021-30189 | Critical | 9.8 | 2021-05-25 | CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. |
| CVE-2021-30188 | Critical | 9.8 | 2021-05-25 | CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. |
| CVE-2021-34584 | Critical | 9.1 | 2021-10-26 | Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of-service condition due to a crash in the CODESYS V2… |
| CVE-2021-30194 | Critical | 9.1 | 2021-05-25 | CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. |
| CVE-2021-21001 | Critical | 9.1 | 2021-05-24 | On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file… |
| CVE-2021-34595 | High | 8.1 | 2021-10-26 | A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions… |
| CVE-2020-12069 | High | 7.8 | 2022-12-26 | In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords… |
| CVE-2022-3281 | High | 7.5 | 2022-10-17 | WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filteri… |
| CVE-2021-34593 | High | 7.5 | 2021-10-26 | In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-ser… |
| CVE-2021-34586 | High | 7.5 | 2021-10-26 | In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a… |
| CVE-2021-34585 | High | 7.5 | 2021-10-26 | In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all condit… |
| CVE-2021-34583 | High | 7.5 | 2021-10-26 | Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2… |
| CVE-2021-30195 | High | 7.5 | 2021-05-25 | CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. |
| CVE-2021-30191 | High | 7.5 | 2021-05-25 | CODESYS V2 Web-Server before 1.1.9.20 has a Buffer Copy without Checking the Size of the Input. |
| CVE-2021-30186 | High | 7.5 | 2021-05-25 | CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. |
| CVE-2021-34596 | Medium | 6.5 | 2021-10-26 | A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resul… |
| CVE-2021-30187 | Medium | 5.3 | 2021-05-25 | CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. |