2022-12-26
|
CVE-2020-12069
|
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
|
Control_for_beaglebone, Control_for_empc\-A\/imx6, Control_for_iot2000, Control_for_linux, Control_for_pfc100, Control_for_pfc200, Control_for_plcnext, Control_for_raspberry_pi, Control_rte_v3, Control_v3_runtime_system_toolkit, Control_win_v3, Hmi_v3, V3_simulation_runtime, Controller_cecc\-D_firmware, Controller_cecc\-Lk_firmware, Controller_cecc\-S_firmware, Pmc, 750\-8100_firmware, 750\-8101_firmware, 750\-8102_firmware, 750\-8202_firmware, 750\-8203_firmware, 750\-8204_firmware, 750\-8206_firmware, 750\-8207_firmware, 750\-8210_firmware, 750\-8211_firmware, 750\-8212_firmware, 750\-8213_firmware, 750\-8214_firmware, 750\-8215_firmware, 750\-8216_firmware, 750\-8217_firmware, 752\-8303\/8000\-0002_firmware, 762\-4201\/8000\-001_firmware, 762\-4202\/8000\-001_firmware, 762\-4203\/8000\-001_firmware, 762\-4204\/8000\-001_firmware, 762\-4205\/8000\-001_firmware, 762\-4205\/8000\-002_firmware, 762\-4206\/8000\-001_firmware, 762\-4206\/8000\-002_firmware, 762\-4301\/8000\-002_firmware, 762\-4302\/8000\-002_firmware, 762\-4303\/8000\-002_firmware, 762\-4304\/8000\-002_firmware, 762\-4305\/8000\-002_firmware, 762\-4306\/8000\-002_firmware, 762\-5203\/8000\-001_firmware, 762\-5204\/8000\-001_firmware, 762\-5205\/8000\-001_firmware, 762\-5206\/8000\-001_firmware, 762\-5303\/8000\-002_firmware, 762\-5304\/8000\-002_firmware, 762\-5305\/8000\-002_firmware, 762\-5306\/8000\-002_firmware, 762\-6201\/8000\-001_firmware, 762\-6202\/8000\-001_firmware, 762\-6203\/8000\-001_firmware, 762\-6204\/8000\-001_firmware, 762\-6301\/8000\-002_firmware, 762\-6302\/8000\-002_firmware, 762\-6303\/8000\-002_firmware, 762\-6304\/8000\-002_firmware
|
7.8
|
|
|
2022-11-09
|
CVE-2021-34567
|
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read.
|
750\-8100_firmware, 750\-8101\/025\-000_firmware, 750\-8101_firmware, 750\-8102\/025\-000_firmware, 750\-8102_firmware, 750\-8202\/000\-011_firmware, 750\-8202\/000\-012_firmware, 750\-8202\/000\-022_firmware, 750\-8202\/025\-000_firmware, 750\-8202\/025\-001_firmware, 750\-8202\/025\-002_firmware, 750\-8202\/040\-000_firmware, 750\-8202\/040\-001_firmware, 750\-8202_firmware, 752\-8303\/8000\-002_firmware, 762\-4101_firmware, 762\-4102_firmware, 762\-4103_firmware, 762\-4104_firmware, 762\-4201\/8000\-001_firmware, 762\-4202\/8000\-001_firmware, 762\-4203\/8000\-001_firmware, 762\-4204\/8000\-001_firmware, 762\-4205\/8000\-001_firmware, 762\-4205\/8000\-002_firmware, 762\-4206\/8000\-001_firmware, 762\-4206\/8000\-002_firmware, 762\-4301\/8000\-002_firmware, 762\-4302\/8000\-002_firmware, 762\-4303\/8000\-002_firmware, 762\-4304\/8000\-002_firmware, 762\-4305\/8000\-002_firmware, 762\-4306\/8000\-002_firmware, 762\-5203\/8000\-001_firmware, 762\-5204\/8000\-001_firmware, 762\-5205\/8000\-001_firmware, 762\-5206\/8000\-001_firmware, 762\-5303\/8000\-002_firmware, 762\-5304\/8000\-002_firmware, 762\-5305\/8000\-002_firmware, 762\-5306\/8000\-002_firmware, 762\-6201\/8000\-001_firmware, 762\-6202\/8000\-001_firmware, 762\-6203\/8000\-001_firmware, 762\-6204\/8000\-001_firmware, 762\-6301\/8000\-002_firmware, 762\-6302\/8000\-002_firmware, 762\-6303\/8000\-002_firmware, 762\-6304\/8000\-002_firmware
|
8.2
|
|
|
2022-11-09
|
CVE-2021-34566
|
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.
|
750\-8100_firmware, 750\-8101\/025\-000_firmware, 750\-8101_firmware, 750\-8102\/025\-000_firmware, 750\-8102_firmware, 750\-8202\/000\-011_firmware, 750\-8202\/000\-012_firmware, 750\-8202\/000\-022_firmware, 750\-8202\/025\-000_firmware, 750\-8202\/025\-001_firmware, 750\-8202\/025\-002_firmware, 750\-8202\/040\-000_firmware, 750\-8202\/040\-001_firmware, 750\-8202_firmware, 752\-8303\/8000\-002_firmware, 762\-4101_firmware, 762\-4102_firmware, 762\-4103_firmware, 762\-4104_firmware, 762\-4201\/8000\-001_firmware, 762\-4202\/8000\-001_firmware, 762\-4203\/8000\-001_firmware, 762\-4204\/8000\-001_firmware, 762\-4205\/8000\-001_firmware, 762\-4205\/8000\-002_firmware, 762\-4206\/8000\-001_firmware, 762\-4206\/8000\-002_firmware, 762\-4301\/8000\-002_firmware, 762\-4302\/8000\-002_firmware, 762\-4303\/8000\-002_firmware, 762\-4304\/8000\-002_firmware, 762\-4305\/8000\-002_firmware, 762\-4306\/8000\-002_firmware, 762\-5203\/8000\-001_firmware, 762\-5204\/8000\-001_firmware, 762\-5205\/8000\-001_firmware, 762\-5206\/8000\-001_firmware, 762\-5303\/8000\-002_firmware, 762\-5304\/8000\-002_firmware, 762\-5305\/8000\-002_firmware, 762\-5306\/8000\-002_firmware, 762\-6201\/8000\-001_firmware, 762\-6202\/8000\-001_firmware, 762\-6203\/8000\-001_firmware, 762\-6204\/8000\-001_firmware, 762\-6301\/8000\-002_firmware, 762\-6302\/8000\-002_firmware, 762\-6303\/8000\-002_firmware, 762\-6304\/8000\-002_firmware
|
9.1
|
|
|
2022-11-09
|
CVE-2021-34568
|
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.
|
750\-8100_firmware, 750\-8101\/025\-000_firmware, 750\-8101_firmware, 750\-8102\/025\-000_firmware, 750\-8102_firmware, 750\-8202\/000\-011_firmware, 750\-8202\/000\-012_firmware, 750\-8202\/000\-022_firmware, 750\-8202\/025\-000_firmware, 750\-8202\/025\-001_firmware, 750\-8202\/025\-002_firmware, 750\-8202\/040\-000_firmware, 750\-8202\/040\-001_firmware, 750\-8202_firmware, 752\-8303\/8000\-002_firmware, 762\-4101_firmware, 762\-4102_firmware, 762\-4103_firmware, 762\-4104_firmware, 762\-4201\/8000\-001_firmware, 762\-4202\/8000\-001_firmware, 762\-4203\/8000\-001_firmware, 762\-4204\/8000\-001_firmware, 762\-4205\/8000\-001_firmware, 762\-4205\/8000\-002_firmware, 762\-4206\/8000\-001_firmware, 762\-4206\/8000\-002_firmware, 762\-4301\/8000\-002_firmware, 762\-4302\/8000\-002_firmware, 762\-4303\/8000\-002_firmware, 762\-4304\/8000\-002_firmware, 762\-4305\/8000\-002_firmware, 762\-4306\/8000\-002_firmware, 762\-5203\/8000\-001_firmware, 762\-5204\/8000\-001_firmware, 762\-5205\/8000\-001_firmware, 762\-5206\/8000\-001_firmware, 762\-5303\/8000\-002_firmware, 762\-5304\/8000\-002_firmware, 762\-5305\/8000\-002_firmware, 762\-5306\/8000\-002_firmware, 762\-6201\/8000\-001_firmware, 762\-6202\/8000\-001_firmware, 762\-6203\/8000\-001_firmware, 762\-6204\/8000\-001_firmware, 762\-6301\/8000\-002_firmware, 762\-6302\/8000\-002_firmware, 762\-6303\/8000\-002_firmware, 762\-6304\/8000\-002_firmware
|
7.5
|
|
|
2022-11-09
|
CVE-2021-34569
|
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.
|
750\-8100_firmware, 750\-8101\/025\-000_firmware, 750\-8101_firmware, 750\-8102\/025\-000_firmware, 750\-8102_firmware, 750\-8202\/000\-011_firmware, 750\-8202\/000\-012_firmware, 750\-8202\/000\-022_firmware, 750\-8202\/025\-000_firmware, 750\-8202\/025\-001_firmware, 750\-8202\/025\-002_firmware, 750\-8202\/040\-000_firmware, 750\-8202\/040\-001_firmware, 750\-8202_firmware, 752\-8303\/8000\-002_firmware, 762\-4101_firmware, 762\-4102_firmware, 762\-4103_firmware, 762\-4104_firmware, 762\-4201\/8000\-001_firmware, 762\-4202\/8000\-001_firmware, 762\-4203\/8000\-001_firmware, 762\-4204\/8000\-001_firmware, 762\-4205\/8000\-001_firmware, 762\-4205\/8000\-002_firmware, 762\-4206\/8000\-001_firmware, 762\-4206\/8000\-002_firmware, 762\-4301\/8000\-002_firmware, 762\-4302\/8000\-002_firmware, 762\-4303\/8000\-002_firmware, 762\-4304\/8000\-002_firmware, 762\-4305\/8000\-002_firmware, 762\-4306\/8000\-002_firmware, 762\-5203\/8000\-001_firmware, 762\-5204\/8000\-001_firmware, 762\-5205\/8000\-001_firmware, 762\-5206\/8000\-001_firmware, 762\-5303\/8000\-002_firmware, 762\-5304\/8000\-002_firmware, 762\-5305\/8000\-002_firmware, 762\-5306\/8000\-002_firmware, 762\-6201\/8000\-001_firmware, 762\-6202\/8000\-001_firmware, 762\-6203\/8000\-001_firmware, 762\-6204\/8000\-001_firmware, 762\-6301\/8000\-002_firmware, 762\-6302\/8000\-002_firmware, 762\-6303\/8000\-002_firmware, 762\-6304\/8000\-002_firmware
|
9.8
|
|
|
2022-10-17
|
CVE-2022-3281
|
WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.
|
750\-8100_firmware, 750\-8101\/000\-010_firmware, 750\-8101\/025\-000_firmware, 750\-8101_firmware, 750\-8102\/025\-000_firmware, 750\-8102_firmware, 750\-8202\/000\-011_firmware, 750\-8202\/000\-012_firmware, 750\-8202\/000\-022_firmware, 750\-8202\/040\-000_firmware, 750\-8206\/025\-000_firmware, 750\-8206\/025\-001_firmware, 750\-8206\/040\-000_firmware, 750\-8206\/040\-001_firmware, 750\-8206_firmware, 750\-8207\/025\-000_firmware, 750\-8207\/025\-001_firmware, 750\-8207_firmware, 750\-8208\/025\-000_firmware, 750\-8208\/025\-001_firmware, 750\-8208_firmware, 750\-8210\/025\-000_firmware, 750\-8210\/040\-000_firmware, 750\-8210_firmware, 750\-8211\/040\-000_firmware, 750\-8211_firmware, 750\-8212\/000\-100_firmware, 750\-8212\/025\-000_firmware, 750\-8212\/025\-001_firmware, 750\-8212\/025\-002_firmware, 750\-8212\/040\-000_firmware, 750\-8212\/040\-001_firmware, 750\-8212\/040\-010_firmware, 750\-8212_firmware, 750\-8213\/040\-010_firmware, 750\-8213_firmware, 750\-8214_firmware, 750\-8215_firmware, 750\-8216\/025\-000_firmware, 750\-8216\/025\-001_firmware, 750\-8216\/040\-000_firmware, 750\-8216_firmware, 750\-8217\/025\-000_firmware, 750\-8217\/600\-000_firmware, 750\-8217\/625\-000_firmware, 750\-8217_firmware, 751\-9301_firmware, 752\-8303\/8000\-002_firmware, 762\-4101_firmware, 762\-4102_firmware, 762\-4103_firmware, 762\-4104_firmware, 762\-4201\/8000\-001_firmware, 762\-4202\/8000\-001_firmware, 762\-4203\/8000\-001_firmware, 762\-4204\/8000\-001_firmware, 762\-4205\/8000\-001_firmware, 762\-4206\/8000\-001_firmware, 762\-4301\/8000\-002_firmware, 762\-4302\/8000\-002_firmware, 762\-4303\/8000\-002_firmware, 762\-4304\/8000\-002_firmware, 762\-5203\/8000\-001_firmware, 762\-5204\/8000\-001_firmware, 762\-5205\/8000\-001_firmware, 762\-5206\/8000\-001_firmware, 762\-5303\/8000\-002_firmware, 762\-5304\/8000\-002_firmware, 762\-5305\/8000\-002_firmware, 762\-5306\/8000\-002_firmware, 762\-6201\/8000\-001_firmware, 762\-6202\/8000\-001_firmware, 762\-6203\/8000\-001_firmware, 762\-6204\/8000\-001_firmware, 762\-6301\/8000\-002_firmware, 762\-6302\/8000\-002_firmware, 762\-6303\/8000\-002_firmware, 762\-6304\/8000\-002_firmware
|
7.5
|
|
|
2022-03-09
|
CVE-2022-22511
|
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
|
750\-8100_firmware, 750\-8101\/025\-000_firmware, 750\-8101_firmware, 750\-8102\/025\-000_firmware, 750\-8102_firmware, 750\-8202\/000\-012_firmware, 750\-8202\/000\-022_firmware, 750\-8202\/025\-000_firmware, 750\-8202\/025\-001_firmware, 750\-8202_firmware, 750\-82_firmware, 751\-9301_firmware, 752\-8303\/8000\-002_firmware, 762\-4205\/8000\-002_firmware, 762\-4206\/8000\-002_firmware, 762\-4305\/8000\-002_firmware, 762\-4306\/8000\-002_firmware, 762\-5205\/8000\-001_firmware, 762\-5206\/8000\-001_firmware, 762\-5305\/8000\-002_firmware, 762\-5306\/8000\-002_firmware, 762\-6301\/8000\-002_firmware, 762\-6302\/8000\-002_firmware, 762\-6303\/8000\-002_firmware, 762\-6304\/8000\-002_firmware
|
5.4
|
|
|