) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:wago:pfc100_firmware:22:patch_1:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-3379 |
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. Published: November 20, 2023; 3:15:44 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2023-4089 |
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected. Published: October 17, 2023; 3:15:10 AM -0400 |
V4.0:(not available) V3.1: 2.7 LOW V2.0:(not available) |
| CVE-2023-1698 |
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. Published: May 15, 2023; 5:15:09 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2022-3738 |
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull. Published: January 19, 2023; 7:15:11 AM -0500 |
V4.0:(not available) V3.1: 5.9 MEDIUM V2.0:(not available) |