VYPR

PFC200

by Wago

CVEs (34)

  • CVE-2023-1698CriMay 15, 2023
    risk 0.70cvss 9.8epss 0.82

    In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

  • CVE-2019-5079CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.03

    An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer…

  • CVE-2019-5075CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.04

    An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service…

  • CVE-2019-5074CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.03

    An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets…

  • CVE-2021-21001CriMay 24, 2021
    risk 0.59cvss 9.1epss 0.01

    On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

  • CVE-2019-5161CriMar 11, 2020
    risk 0.59cvss 9.1epss 0.03

    An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script…

  • CVE-2019-5078CriDec 18, 2019
    risk 0.59cvss 9.1epss 0.02

    An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of…

  • CVE-2019-5184HigMar 23, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and…

  • CVE-2019-5181HigMar 12, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer…

  • CVE-2019-5180HigMar 12, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination…

  • CVE-2019-5179HigMar 12, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.

  • CVE-2019-5178HigMar 12, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination…

  • CVE-2019-5171HigMar 12, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an…

  • CVE-2019-5170HigMar 12, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An…

  • CVE-2019-5169HigMar 12, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An…

  • CVE-2019-5175HigMar 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An…

  • CVE-2019-5174HigMar 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can…

  • CVE-2019-5173HigMar 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An…

  • CVE-2019-5172HigMar 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value…

  • CVE-2019-5168HigMar 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an…

Page 1 of 2