WagoCVEs & Vulnerabilities

112 CVEs affecting Wago products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

pfc200 firmware 65pfc200 41750-8202 firmware 33750-8202 29750-881 28750-881 firmware 28750-880 firmware 26750-831 firmware 26
CVE-2023-1698KEVCRITICALin the wild

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

11 Apr 2026
9.8
CVSS
CVE-2023-5188HIGH

The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.

5 Dec 2023
7.5
CVSS
CVE-2023-4149CRITICAL

A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management.

21 Nov 2023
9.8
CVSS
CVE-2023-3379MEDIUM

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.

20 Nov 2023
5.3
CVSS
CVE-2023-4089LOW

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

17 Oct 2023
2.7
CVSS
CVE-2023-1620MEDIUM

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

26 Jun 2023
4.9
CVSS
CVE-2023-1619MEDIUM

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.

26 Jun 2023
4.9
CVSS
CVE-2023-1150HIGH

Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.

26 Jun 2023
7.5
CVSS
CVE-2022-45140CRITICAL

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

27 Feb 2023
9.8
CVSS
CVE-2022-45139MEDIUM

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.

27 Feb 2023
5.3
CVSS
CVE-2022-45138CRITICAL

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.

27 Feb 2023
9.8
CVSS
CVE-2022-45137MEDIUM

The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.

27 Feb 2023
6.1
CVSS
CVE-2022-3843CRITICAL

In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.

16 Feb 2023
9.1
CVSS
CVE-2022-3738MEDIUM

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

19 Jan 2023
5.9
CVSS
CVE-2020-12069HIGH

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

26 Dec 2022
7.8
CVSS
CVE-2021-34569CRITICAL

In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.

9 Nov 2022
9.8
CVSS
CVE-2021-34568HIGH

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.

9 Nov 2022
7.5
CVSS
CVE-2021-34567HIGH

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read.

9 Nov 2022
8.2
CVSS
CVE-2021-34566CRITICAL

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.

9 Nov 2022
9.1
CVSS
CVE-2022-3281HIGH

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.

17 Oct 2022
7.5
CVSS
CVE-2022-22511MEDIUM

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

9 Mar 2022
5.4
CVSS
CVE-2021-34596MEDIUM

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

26 Oct 2021
6.5
CVSS
CVE-2021-34595HIGH

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

26 Oct 2021
8.1
CVSS
CVE-2021-34593HIGH

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

26 Oct 2021
7.5
CVSS
CVE-2021-34586HIGH

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

26 Oct 2021
7.5
CVSS
CVE-2021-34585HIGH

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

26 Oct 2021
7.5
CVSS
CVE-2021-34584CRITICAL

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

26 Oct 2021
9.1
CVSS
CVE-2021-34583HIGH

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

26 Oct 2021
7.5
CVSS
CVE-2021-34581HIGH

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

31 Aug 2021
7.5
CVSS
CVE-2021-34578HIGH

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.

31 Aug 2021
8.1
CVSS
CVE-2021-30195HIGH

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

25 May 2021
7.5
CVSS
CVE-2021-30194CRITICAL

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.

25 May 2021
9.1
CVSS
CVE-2021-30193CRITICAL

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

25 May 2021
9.8
CVSS
CVE-2021-30192CRITICAL

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.

25 May 2021
9.8
CVSS
CVE-2021-30191HIGH

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

25 May 2021
7.5
CVSS
CVE-2021-30190CRITICAL

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

25 May 2021
9.8
CVSS
CVE-2021-30189CRITICAL

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.

25 May 2021
9.8
CVSS
CVE-2021-30188CRITICAL

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.

25 May 2021
9.8
CVSS
CVE-2021-30186HIGH

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

25 May 2021
7.5
CVSS
CVE-2021-30187MEDIUM

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

25 May 2021
5.3
CVSS
CVE-2021-21001MEDIUM

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

24 May 2021
6.5
CVSS
CVE-2021-21000HIGH

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

24 May 2021
7.5
CVSS
CVE-2021-20998CRITICAL

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.

13 May 2021
9.8
CVSS
CVE-2021-20997HIGH

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.

13 May 2021
7.5
CVSS
CVE-2021-20996MEDIUM

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.

13 May 2021
5.3
CVSS
CVE-2021-20995HIGH

In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.

13 May 2021
7.5
CVSS
CVE-2021-20994MEDIUM

In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.

13 May 2021
6.1
CVSS
CVE-2021-20993MEDIUM

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

13 May 2021
5.3
CVSS
← PrevPage 1 / 3Next →