VYPR

PFC200

by Wago

CVEs (34)

  • CVE-2019-5167HigMar 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d…

  • CVE-2019-5166HigMar 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in…

  • CVE-2019-5149HigMar 11, 2020
    risk 0.49cvss 7.5epss 0.02

    The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties…

  • CVE-2019-5134HigMar 11, 2020
    risk 0.49cvss 7.5epss 0.02

    An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can…

  • CVE-2020-6090HigJun 11, 2020
    risk 0.47cvss 7.2epss 0.02

    An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP…

  • CVE-2019-5156HigMar 11, 2020
    risk 0.47cvss 7.2epss 0.04

    An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware…

  • CVE-2019-5155HigMar 11, 2020
    risk 0.47cvss 7.2epss 0.05

    An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version…

  • CVE-2019-5186HigMar 23, 2020
    risk 0.46cvss 7.0epss 0.01

    An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name…

  • CVE-2019-5185HigMar 23, 2020
    risk 0.46cvss 7.0epss 0.01

    An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml…

  • CVE-2019-5177MedMar 12, 2020
    risk 0.36cvss 5.5epss 0.00

    An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that…

  • CVE-2019-5176MedMar 12, 2020
    risk 0.36cvss 5.5epss 0.01

    An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination…

  • CVE-2019-5182MedMar 11, 2020
    risk 0.36cvss 5.5epss 0.01

    An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination…

  • CVE-2021-21000MedMay 24, 2021
    risk 0.35cvss 5.3epss 0.01

    On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

  • CVE-2023-4089LowOct 17, 2023
    risk 0.18cvss 2.7epss 0.00

    On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

Page 2 of 2