VYPR

PLC

by Wago

CVEs (2)

  • CVE-2021-34578CriAug 31, 2021
    risk 0.64cvss 9.8epss 0.01

    This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.

  • CVE-2024-1490HigApr 9, 2026
    risk 0.47cvss 7.2epss 0.01

    An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run…