CVE-2021-21001 — CVSS 9.1 (critical): On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device…
CVE-2021-34584 — CVSS 9.1 (critical): Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a…
CVE-2021-34595 — CVSS 8.1 (high): A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and…
CVE-2020-12069 — CVSS 7.8 (high): In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online…
CVE-2021-30191 — CVSS 7.5 (high): CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.
CVE-2021-34585 — CVSS 7.5 (high): In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not…
CVE-2021-34586 — CVSS 7.5 (high): In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server…
CVE-2021-34593 — CVSS 7.5 (high): In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in…
CVE-2022-3281 — CVSS 7.5 (high): WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of…
CVE-2021-34583 — CVSS 7.5 (high): Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a…
CVE-2021-34596 — CVSS 6.5 (medium): A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to…
CVE-2021-30187 — CVSS 5.3 (medium): CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
CVE-2021-21000 — CVSS 5.3 (medium): On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could…
CVE-2023-1620 — CVSS 4.9 (medium): Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a…
CVE-2023-1619 — CVSS 4.9 (medium): Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a…