CVEs (26)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Wago 76750 331 Firmware 750 8202/000 011 Firmware750 8202/000 012 Firmware+73 moreNov 21, 2024 Jun 26, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. |
1Wago 76750 331 Firmware 750 8202/000 011 Firmware750 8202/000 012 Firmware+73 moreNov 21, 2024 Jun 26, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. |
2Codesys Wago30750 8202 Firmware 750 8203 Firmware750 8204 Firmware+27 moreAug 15, 2025 Oct 26, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. |
2Codesys Wago30750 8202 Firmware 750 8203 Firmware750 8204 Firmware+27 moreAug 15, 2025 Oct 26, 2021 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or loc...Show more |
2Codesys Wago28750 8202 Firmware 750 8203 Firmware750 8204 Firmware+25 moreAug 15, 2025 Oct 26, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. |
2Codesys Wago28750 8202 Firmware 750 8203 Firmware750 8204 Firmware+25 moreAug 15, 2025 Oct 26, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur...Show more |
2Codesys Wago28750 8202 Firmware 750 8203 Firmware750 8204 Firmware+25 moreAug 15, 2025 Oct 26, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. |
2Codesys Wago28750 8202 Firmware 750 8203 Firmware750 8204 Firmware+25 moreAug 15, 2025 Oct 26, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. |
1Wago 9750 831/000 002 Firmware 750 831 Firmware750 880/025 000 Firmware+6 moreNov 21, 2024 Aug 31, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cau...Show more |
2Codesys Wago29750 8202 Firmware 750 8203 Firmware750 8204 Firmware+26 moreAug 15, 2025 May 25, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. |
2Codesys Wago28750 8202 Firmware 750 8203 Firmware750 8204 Firmware+25 moreAug 15, 2025 May 25, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. |
2Codesys Wago28750 8202 Firmware 750 8203 Firmware750 8204 Firmware+25 moreAug 15, 2025 May 25, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. |
2Codesys Wago28750 8202 Firmware 750 8203 Firmware750 8204 Firmware+25 moreAug 15, 2025 May 25, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. |
2Codesys Wago28750 8202 Firmware 750 8203 Firmware750 8204 Firmware+25 moreAug 15, 2025 May 25, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. |
2Codesys Wago28750 8202 Firmware 750 8203 Firmware750 8204 Firmware+25 moreAug 15, 2025 May 25, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. |
2Codesys Wago28750 8202 Firmware 750 8203 Firmware750 8204 Firmware+25 moreAug 15, 2025 May 25, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. |
2Codesys Wago28750 8202 Firmware 750 8203 Firmware750 8204 Firmware+25 moreAug 15, 2025 May 25, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. |
2Codesys Wago29750 8202 Firmware 750 8203 Firmware750 8204 Firmware+26 moreAug 15, 2025 May 25, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. |
2Codesys Wago28750 8202 Firmware 750 8203 Firmware750 8204 Firmware+25 moreAug 15, 2025 May 25, 2021 N/A· v4 5.3 MEDIUM· v3 4.6 MEDIUM· v2 CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. |
1Wago 27750 8202 Firmware 750 8203 Firmware750 8204 Firmware+24 moreAug 15, 2025 May 24, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. |